Internal Launch Industries documentation. Do not share outside the team.
Employee Handbook
11. Confidentiality, Data Protection & InfoSec

One-line summary: The deeper PII / GLBA / FTC Safeguards Rule policy that applies to all team members, including employees and contractors — passwords (12-char minimum, MFA, 1Password), file/data management, screen lock, secure transmission (SFTP, VPN), phishing/malware awareness, plus specific safeguards for macOS and PC users, and the incident-response process.

Confidentiality, Data Protection & Information Security Policy

At Launch Industries LLC, safeguarding confidential information and Personally Identifiable Information (PII) is a top priority. This policy establishes clear technical safeguards, operational practices, and employee responsibilities to protect sensitive data while ensuring compliance with legal requirements such as the Gramm-Leach-Bliley Act (GLBA), FTC Safeguards Rule, and other applicable regulations. All Team Members, including employees and contractors, must adhere to this policy to maintain the confidentiality, integrity, and security of data.


Policy objectives

  1. Ensure compliance with all relevant privacy and data protection laws, including GLBA and IRS Publication 1075.
  2. Define clear technical safeguards and best practices for protecting PII.
  3. Outline Team Member responsibilities to prevent unauthorized access, misuse, or theft of sensitive data.

Scope

This policy applies to all Team Members at Launch Industries, including employees and contractors, who handle or access PII. It governs the collection, storage, processing, transmission, and disposal of PII on all devices and systems, including macOS, Windows PCs, and mobile devices.


Definition of Personally Identifiable Information (PII)

PII refers to any information that can uniquely identify an individual. Examples include:

  • Taxpayer Identification Numbers: Social Security Numbers (SSNs), Employer Identification Numbers (EINs).
  • Financial Information: Bank account details, credit card numbers, and income or filing records.
  • Personal Contact Details: Phone numbers, email addresses, and home addresses.
  • Government-Issued Identifications: Driver's license or state-issued ID numbers.

General technical safeguards

Password security and authentication

  • Use strong, unique passwords with a minimum of 12 characters, combining uppercase and lowercase letters, numbers, and symbols.
  • Do not reuse passwords across systems or applications.
  • Enable Multi-Factor Authentication (MFA) to add an extra layer of security for systems containing sensitive data.
  • Use 1Password as the company's password management solution to securely store and manage credentials.

File and data management

  • Store all work-related files containing PII on company-approved systems, such as encrypted shared drives or cloud storage.
  • Encrypt sensitive files before transmission, and share the password for an encrypted file through a separate communication channel from the one used to send the file.
  • Avoid storing sensitive data on unauthorized external devices (e.g., USB drives).

Screen lock and privacy

  • Configure devices to lock automatically after a period of inactivity (e.g., 10 minutes).
  • Ensure sensitive data is not visible on screens in public areas.

Secure data transmission

  • Use Secure File Transfer Protocol (SFTP) or other encrypted methods for transmitting sensitive data.
  • When working on public Wi-Fi, always use a Virtual Private Network (VPN) for secure communication.
  • Avoid transmitting PII through unsecured channels, such as personal email.

Phishing and malware awareness

  • Be vigilant about phishing emails or links from untrusted sources.
  • Avoid clicking on suspicious links or downloading attachments from unknown senders.
  • Immediately report phishing attempts or suspicious activity to HR at hr@launchindustries.biz.

Google Chrome security features

  • Google Chrome provides robust security tools such as end-to-end encryption, Safe Browsing, and sandboxing technology.
  • Ensure that all sensitive data is transmitted only over secure HTTPS connections.

Technical safeguards for macOS users

  • Enable FileVault for full-disk encryption to secure all data stored on macOS devices.
  • Activate the macOS firewall to block unauthorized access to the system.
  • Keep macOS and applications updated with the latest security patches.
  • Use Safari's fraudulent website warnings to avoid malicious sites.

Technical safeguards for PC users

  • Use BitLocker (or equivalent encryption software) to encrypt the PC's hard drive.
  • Enable the Windows firewall and use Windows Defender for anti-virus and anti-malware protection.
  • Regularly update the Windows operating system and installed applications.
  • Leverage Windows Defender's anti-phishing and anti-malware tools.

Incident response and reporting

  1. Reporting incidents. Immediately report any suspected or confirmed unauthorized access, theft, or misuse of PII to HR at hr@launchindustries.biz.
  2. Containment and mitigation. Follow instructions from HR or other designated personnel to address and mitigate the incident.
  3. Post-incident review. A thorough review will be conducted to identify vulnerabilities and implement corrective measures.

If you notice any outdated information or typos, or need clarification on any policies, please email hr@launchindustries.biz.