Your Campers Are Safe

By Amanda Zoellner

Camp professionals conscientiously protect campers’ physical safety and security. However, many of us aren’t trained to think in the same way about the safety and security of the personal information we collect. Even at a camp where campers don’t have internet access or cell phones, credit-card numbers are collected from parents, and driver’s licenses and Social Security numbers of staff members are recorded. As a good business practice--and sometimes for legal reasons--we have a responsibility to protect this information.

Mass Audubon--a statewide conservation organization that operates wildlife sanctuaries in 90 Massachusetts communities, including 16 day camps and an overnight camp--had an opportunity over the past year to think critically as an organization about the personal information we collect, and how we keep it safe. On March 1, 2010, new regulations governing personal information went into effect (201 CMR 17.00 Standards for the Protection of Personal Information of Residents of the Commonwealth). These provisions apply to anyone who owns or licenses personal information about a Massachusetts resident; this includes any combination of a name with a credit card, bank account, Social Security, driver’s license, or state-ID card number.

What we learned can be helpful to you, even if your camp doesn’t serve Massachusetts residents. We developed a comprehensive plan to secure personal information, with customized procedures for each location where personal information may be collected or stored. At each of our camps, sanctuaries and offices, one staff member is responsible for maintaining and annually updating the written plan, answering or referring questions, and training staff members to protect personal information.

Cutting Back
In implementing the plan, we made a conscious decision to collect and retain less personal information. For example, photocopies of checks were made to keep with bank-deposit records. While most checks are not copied anymore, bank-account numbers are obscured on those that are kept. We’ve also made it easier to destroy information no longer needed. For example, registration forms were reformatted so credit-card numbers can be sliced off and shredded. Credit-card machines also have been programmed to print only the last four digits of card numbers on receipts. In addition, camp registration forms are no longer accepted via fax because camp faxes don’t come into a secure area. And since the financial-aid application asks families to provide proof of income, usually with a copy of a tax return, applicants are now asked to obscure Social Security and bank-account numbers before making copies so we don’t see this information.

Locking Up Files
For physical layers of security, a lock has been added to the file cabinet that holds financial and personnel files; another locked cabinet stores materials scheduled to be destroyed periodically with a contracted document-shredding company. Cross-cut shredders also have been purchased to destroy small amounts of information as needed, both in the central office and at the various camp locations. For electronic security, the information-technology department now includes individual network accounts for every user, more frequent password changes, password-protected areas of our intranet where sensitive information can be stored and viewed, and software that detects and prevents saving or transmission of personal information in unsecure electronic files. Reminders also have been added to e-mail signatures and the Web site to inform people that it’s not secure to send personal information by e-mail.

Reworking Procedures
More work still needs to be done to make sure everyone understands the new protocol. In the central office, anyone who opens mail or takes camp registrations over the phone has learned how to handle this information. At camp this summer, seasonal staff will be trained differently. Previously in the camp store, for example, credit-card information from parents was collected on the back of the camp-store purchase log. Now, the information will be separated so that the credit-card information can be taken to the office and stored securely, while the camp-store purchase log stays at the store.

Meanwhile, another part of the plan addresses what to do if personal information is lost or stolen; it’s reassuring to have a process in place should this ever happen, just like having a process to handle an extreme weather event or medical emergency.

And because camps have to verify employment, conduct background checks, and issue paychecks, there is typically more personal information for staff members than for campers. To protect this information, some employment forms have been changed--driver’s license information can only be sent to the person who checks driving records, and Social Security numbers only to the payroll department. We store much of this information centrally, rather than keeping copies of everything at various sanctuaries and camps.

Historical Data
One challenge we’ve encountered in this process is deciding what to do with historical information: decades of camp registrations that may be the only records of camp alumni, or health records that we must keep for a set period of time. Much of this doesn’t contain regulated personal information, but sometimes it is not clear. For example, an old health form asked for a camper’s Social Security number because that was routinely used as a health-insurance identification number. We didn’t have staff time available to sort through 60 years’ worth of information, so instead, this information is being stored in a locked space. Over the years when there’s time, we’ll verify what we have, keep what is needed, and securely destroy the rest. For files that were purged, it was satisfying to have newly emptied file cabinets.

Follow The Rules
Throughout the process of implementing a personal-information security plan, we’ve all become more educated about the information we need to protect. This awareness has also transferred into other areas of protecting information, such as locking computer screens, turning over information on our desks if we have to step away for a few minutes, and closing window shades at the end of the day.

To be sure that you’re caring for campers’ and staff members’ personal information, here are steps to follow:

  • Verify the information you are legally required to protect under state and federal laws. You may have to think about more than just your state, if you have campers or staff from other states.
  • Evaluate the information currently collected. If not all of it is needed, revise forms and collect less in the future.
  • When eliminating personal information, make sure it’s securely destroyed, whether it’s paper, computer discs, or electronic records.
  • Create a plan and train staff members so that everyone knows the procedures for keeping personal information secure and what to do if there’s a problem.

Wherever possible, we’ve shared these new practices informally with camp families, letting them know that, for example, their credit-card information is not kept on file from year to year. Initially, a parent may have perceived this as an inconvenience, but once it was explained, they were grateful for the care with which their personal information was handled, just as they were grateful for the ways in which we care for their children.

Amanda Zoellner is the Administrative Director at Wildwood: A Mass Audubon Camp for outdoor exploration, where she’ll spend her sixth summer in 2010. She can be reached via e-mail at,