Privacy and Security

Capital Region Food Program Electronic Privacy and Security Policy

The Capital Region Food Program (CRFP) will protect the privacy and security of anyone who accesses or receives CRFP-Maintained Electronic Communication.


The CRFP recognizes the inherent risks of any Internet-based communications and believes it is incumbent upon the CRFP to ensure that the tools it uses to generate and distribute CRFP content do not become a vector used by non-CRFP interests to attack or collect information from or about members of the CRFP community. In addition to protecting the CRFP community, this serves to protect the reputation of the CRFP.


Designated Representatives: CRFP representatives who have been assigned or approved by the CRFP Marketing and Technologies Committee to engage with the public using CRFP-Maintained Electronic Communication.

CRFP-Maintained Electronic Communication: Any Web page, collection of Web pages, or Web-based communication whose content is generated and/or controlled by CRFP. This definition includes the website and any platform used to create, host, or distribute CRFP content, including Constant Contact.

Contact Management: Contact Management is a web-based tool that facilitates the collection and maintenance of lists of individuals for the purposes of electronically distributing content. Information collected on individuals may include but is not limited to name and email address.

Procedural Elements:

  • The Capital Region Food Program Electronic Privacy and Security Policy will be published on the CRFP website.
  • General – applicable to all CRFP-Maintained Electronic Communication tools
    • Administrative login accounts
    • Where possible, Designated Representatives will be assigned individual login accounts to which administrative capabilities are given.
    • Designated Representatives will use complex passwords even when the communication tool does not enforce their use.
    • Designated Representatives may not share individual login accounts.
    • A Designated Representative’s login account will be immediately disabled and/or deleted upon that person leaving her/his Designated Representative role.
  • Contact Management 
    • Individual contact information
      • The CRFP will not use any contact management tool that does not give the CRFP complete and unrestricted ownership to its contact lists and the contact information of the individuals contained in those lists.
        • Neither the contact management tool vendor nor the contact management tool host, if applicable, will be allowed access to contact lists or contact information.
        • If a contact management tool is hosted, all contact lists and contact information will be permanently deleted from the hosting site when the CRFP terminates its relationship with the hosting site.
      •  The CRFP contact management tool will store only individuals’ name and email address.
      • The CRFP will not share individuals’ information with non-CRFP entities.
      • In the event that the contact management tool contact lists and/or individual information are obtained by a non-CRFP entity, all affected individuals will be notified.
    • Individual contact opt-in / opt-out
      • Individuals providing their contact information at CRFP events will be presumed to opt-in to receiving CRFP content.
      • All content distributed through the contact management tool will contain a link back to the contact management tool that allows the content recipient to opt-out from receiving future content.
      • All content distributed through the contact management tool and the CRFP website will feature an email address to which content recipients may send opt-out requests.
  • Website Management 
    • The website will not collect or maintain any personally identifiable information.
    • Where applicable, the website design will delegate risk to third parties.