The Advisory Board believes that it is a person’s right to have their personal information kept private. Therefore, we have implemented privacy protections including technical security measures, to keep personal information private and secure. To support this philosophy, we will:
Private Information means any information relating to an individual that identifies that individual or could reasonably be used to identify the individual regardless of the medium involved (e.g., paper, electronic, video, audio). Private Information also can constitute “protected health information” under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). For a copy of our separate HIPAA Statement, please send your request to email@example.com
The Advisory Board seeks to collect and use Private Information it acquires as a business from individuals and third parties only in a lawful manner.
Advisory Board members also should be aware that, by participating in our online and offline networks and services, such as retreats, blogs, and other conferences, Private Information about them and/or their individual employees might be made available or visible to other Advisory Board members throughout the world to facilitate intelligence sharing across our membership. If you are uncomfortable with this transfer of your or your individual employees’ Private Information, you should not use those services.
Our collection and use of Private Information is essential to the conduct of many of the Advisory Board's business functions. Examples of the purposes for which the Advisory Board collects and uses Private Information include:
In those cases where we obtain Private Information about an individual from the individual directly, we inform that individual of (or make available to that individual information relating to) the type of data we collect, the purposes for which we collect it, how to contact us with any inquiries or complaints, the types of parties to whom we might disclose the Private Information, the privacy and information safeguards we employ, and that person’s right to access and, if necessary, correct the Private Information. We will provide or make available this notice when individuals are first asked to provide Private Information to the Advisory Board, or as soon thereafter as is practicable.
We may share individuals' Private Information with our corporate affiliates, divisions, or subsidiaries, or with third parties who are acting on our behalf to enable us to provide the individuals with certain employee-related benefits and services or to provide services to the Advisory Board member that provided us with the Private Information. In addition, where consent of individuals or their representatives (such as a member of an Advisory Board program) for the collection, use, or disclosure of Private Information is required by law, contract or agreement, we will obtain such consent or seek assurance that the Advisory Board member obtained such consent.
Yes. In certain limited or exceptional circumstances, and in accordance with legal requirements, we disclose an individual's Private Information without the individual's consent, such as (a) when we are required to disclose the information by law or legal process, (b) when the vital interests of the individual, such as life or health, are at stake, or (c) when we believe it is appropriate to investigate, prevent, or take action regarding illegal or suspected illegal activities; to protect and defend the rights, property or safety of the Advisory Board, our members, customers or others. If an individual’s Private Information is provided to us by a third party (such as a member of an Advisory Board program), we may share the individual’s Private Information with such member.
Please note that, when an individual or an individual’s organization becomes an Advisory Board member, we may make information about the individual (including contact and institutional information) available to other members through online and offline services. We may share aggregate or anonymous information with third parties, including advertisers, investors and partners. This information does not contain any Private Information and is used to develop content and services that we hope the individual and our member will find of interest.
We will make reasonable efforts to address the concerns of any individual who objects to providing us his or her Private Information. See also the complaint resolution procedures set forth below.
The Advisory Board provides individuals about whom it maintains Private Information with a reasonable opportunity to examine their information, to challenge its accuracy, and to have it corrected, amended or deleted as appropriate, subject to certain exceptions.
Upon request, individuals will be given reasonable access to the Private Information that the Advisory Board holds about them. Reasonable access applies to both the process of accessing Private Information and the types of Private Information to be accessed. In terms of the process, reasonable access means, for example, that requests for access are made during normal business hours, following standard procedures, and that the frequency of access requests is not excessive. In terms of the types of Private Information to be accessed, reasonable access means recognizing certain exceptions discussed in frequently asked question #2 that follows. If we deny an individual access, however, we will provide such individual with the reason(s) for denying access and a contact point for further inquiries.
If we are notified that Private Information maintained by us is incorrect, where requested and provided with appropriate supporting documentation, we will either correct the information or direct the individual to the source of the information for correction. If, upon review, we believe that the existing information is correct, we will inform the individual. If the individual continues to dispute the accuracy of the information, the Advisory Board will note that dispute in the individual’s record upon request.
Yes, there are some exceptions to the obligation to provide access. These may include access to confidential or proprietary information, such as physician notes, or situations in which granting access might have to be balanced against the privacy interests of others. In addition, access may be denied when the information requested relates to an ongoing investigation of the individual, litigation or potential litigation or where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy. In cases of sensitive medical information, it may be more appropriate to provide such information to the individual’s health care provider who in turn can provide such information to the individual and be available to interpret properly the meaning of the information collected.
The Advisory Board employs reasonable steps to keep Private Information accurate, complete and up-to-date.
Yes. Keeping Private Information as accurate, complete and up-to date as required for the purposes for which it is used is in the best interests of both individuals and the Advisory Board. We expect all individuals to assist it in keeping the Private Information we hold about them accurate, complete and up-to-date, and facilitates cooperation by individuals in doing so.
The Advisory Board has implemented technical and organizational security measures to help protect against unauthorized access to or unauthorized alteration, disclosure or destruction of Private Information. We review our systems regularly to help ensure that the security and integrity of personal information in our possession is not compromised. Unfortunately, no data transmission over the Internet can be guaranteed to be entirely secure, and we do not assume any liability for any damage suffered by you caused by the interception, alteration, or misuse of information during transmission that is outside of our reasonable control.
Within the Advisory Board, we restrict access to Private Information to employees, contractors, and agents who need to know that information in order to operate, develop, or improve our programs and services. We subject our third party contractors and agents to contractual controls to help ensure that they apply suitable protections to any personal information they access or receive from us.
Individuals play a vital role in maintaining security by, for examples, protecting passwords used to access a system, keeping their own paper records under lock and key when not in use, and disposing of records and reports no longer needed in a secure manner. Effective security with respect to Advisory Board websites depends, in part, on Advisory Board members and their employees ensuring that any IDs and passwords that they have been issued by us are kept confidential and secure and that members adhere to the restrictions on password and ID-sharing.
Access to Private Information about individuals is given only to those employees, vendors, Advisory Board members or other persons with a legitimate need to know the information to carry out their responsibilities.
It is the Advisory Board’s policy to grant employees, agents and contractors access only to the amount of information necessary to carry out their responsibilities.
Advisory Board websites contain business-related content and are specifically aimed at and designed for use by adults. We do not knowingly solicit or collect Private Information from or about individuals under the age of 18 years other than from Advisory Board members that provide such information to us as part of an Advisory Board program. If we discover that we have received Private Information from an individual whom we believe to be under the age of 18 in some other manner, we will delete such information from our systems.
For more information on Safe Harbor, please see http://www.export.gov/safeharbor/.
Responsibilities of the Advisory Board Compliance Officer include:
Compliance measures may include:
All individuals having questions or complaints concerning the Advisory Board’s privacy practices can send an e-mail message to firstname.lastname@example.org, leave a voicemail message at 1-800-523-3391, or send a fax to 202-266-6633, Attention: Compliance Officer. You may also send a letter to Compliance Officer, The Advisory Board Company, 2445 M Street, N.W., Washington, DC 20037.
The Advisory Board Compliance Officer will be able to provide additional information about the use of independent dispute resolution mechanisms.