By Amanda Zoellner

Camp professionals conscientiously protect campers’ physical safety and security. However, many of us aren’t trained to think in the same way about the safety and security of the personal information we collect. Even at a camp where campers don’t have internet access or cell phones, credit-card numbers are collected from parents, and driver’s licenses and Social Security numbers of staff members are recorded. As a good business practice--and sometimes for legal reasons--we have a responsibility to protect this information.



Mass Audubon--a statewide conservation organization that operates wildlife sanctuaries in 90 Massachusetts communities, including 16 day camps and an overnight camp--had an opportunity over the past year to think critically as an organization about the personal information we collect, and how we keep it safe. On March 1, 2010, new regulations governing personal information went into effect (201 CMR 17.00 Standards for the Protection of Personal Information of Residents of the Commonwealth). These provisions apply to anyone who owns or licenses personal information about a Massachusetts resident; this includes any combination of a name with a credit card, bank account, Social Security, driver’s license, or state-ID card number.

What we learned can be helpful to you, even if your camp doesn’t serve Massachusetts residents. We developed a comprehensive plan to secure personal information, with customized procedures for each location where personal information may be collected or stored. At each of our camps, sanctuaries and offices, one staff member is responsible for maintaining and annually updating the written plan, answering or referring questions, and training staff members to protect personal information.