Privacy and Security
Last Modified Date: April 1, 2011
The Educational Employees' Supplementary Retirement System of Fairfax County (ERFC) is
pleased to provide ERFCDirect, an online gateway which provides
ERFC members and benefit recipients a means of direct, secure access to relevant retirement
benefit information and online features. ERFC understands the importance of securing
member's personal information and takes industry-standard precautions to maintain your
privacy and prevent unauthorized access. Here's how.
|
What
|
Description
|
When
|
|
ERFCDirect Registration
|
During Registration, you will create your preferred Username and Password.
|
If you are a first-time user, you must register to gain access to
ERFC
Direct.
|
|
User Authentication
|
ERFCDirect performs user authentication by asking for your Employee ID or an
ERFCDirect PIN at time of Registration and for your Username and Password at
time of Login.
|
ERFCDirect requires authentication when creating and accessing an
ERFCDirect account. Our system logs you out when there is not site activity
for a certain period of time.
|
|
ERFCDirect Personal Identification Number (PIN)
|
ERFC provides the user with an ERFCDirect PIN to use during the registration process.
|
If needed for the registration process, ERFC will provide the user with a unique
ERFCDirect PIN.
|
|
Challenge Questions
|
Security questions utilized to protect your account.
|
The user selects the challenge questions during Registration. Once registered, if
the user selects the ERFCDirect features "Forgot Your Password" or "Forgot
Your Username", the challenge questions will be presented and must be answered
with the exact response given during Registration.
|
|
Encryption Methods
|
ERFCDirect uses industry standard technology to keep safe and secure the
information that is transmitted through ERFCDirect. "VeriSign Secure"
technology is utilized which encrypts (scrambles) your personal information.
|
When accessing your ERFCDirect account, you are viewing your data via the
Internet and the data is protected through encryption as it travels between the
database and your computer.
Member and benefit recipient data is maintained in a secure database behind the
Fairfax County Public Schools firewall.
|
|
Session-based cookies
|
ERFCDirect uses "session-based" cookies stored on an ERFC secure server.
Neither login credentials nor other sensitive information are stored in these
cookies.
|
These cookies are used as a reference to your active ERFCDirect session
and expire when you log out of ERFCDirect or leave the computer idle causing
the session to time-out.
|
Online security cannot be achieved without appropriate measures being taken by the end-user
as well. The following include responsibilities that you, as an end-user, must fulfill in
order to ensure the secure use of ERFCDirect.
|
What
|
Description
|
|
Protect Your ERFCDirect PIN
|
The ERFCDirect Personal Identification Number (PIN) supplied by ERFC should
immediately be used to create your ERFCDirect account. If you do not wish to
access ERFCDirect, destroy the PIN supplied by ERFC. If you want to establish
an ERFCDirect account, do so upon receipt of the PIN.
Once the account is created, the PIN is no longer active.
|
|
Protect your Username and Password
|
Never store your Username or Password in your browser, or share them with
family or friends.
If you forget your Password, you will have the option to provide your Username
and have a system-generated Password sent to you by e-mail which will allow
you access to your ERFCDirect account.
Recommendation: Upon login, reset your system-generated Password to a user-defined
Password.
Never enter your Username or Password any anywhere other than on the ERFCDirect
Registration, Login, or Forgot Your Password pages.
Change your password periodically.
|
|
Protect Your Computer
|
Ensure your computer has the most current anti-spyware, anti-virus and firewall
software.
|
|
Keep Your Browser Up to Date
|
Always use an up-to-date, supported browser with at least 128-bit encryption.
|
|
Do Not Reply to E-mail Requests
|
ERFC will not ask for personal information in an e-mail. Do not provide your
ERFCDirect PIN, Username or Password, or click suspicious links.
|
|
Log Off from ERFCDirect
|
Close your browser after you log off/sign out. Do not leave your computer
unattended while accessing ERFCDirect.
|
|
Notify ERFC in Case of Suspected Tampering
|
If you see unexplained changes to your account, notify ERFC immediately.
|
Other Information
ERFC may be required to disclose user information pursuant to lawful requests, such as
subpoenas or court orders, or in compliance with applicable laws. If we receive a subpoena
requesting information about you and if you have provided us with your email address, we
will attempt to notify you of the subpoena at the email address that you have provided.
Additionally, we may share account or other information when we believe it is necessary to
comply with the law, to protect our interests or property, to prevent fraud or other illegal
activity perpetrated through the Website or using our name, to prevent bodily harm, to
enforce the ERFCDirect Terms and Conditions, or to protect the rights, property, or
safety of our members.
This Privacy and Security policy applies only to information collected online through
ERFCDirect and does not describe the ways in which ERFC may collect or use information
obtained offline or through any means other than ERFCDirect.