Background
The International Accrediting Commission for Digital Education (IACDE) is committed to protecting the confidentiality, integrity, and lawful use of information collected and processed during the accreditation process.
This policy ensures compliance with applicable data protection regulations, including the U.S. Privacy Act, General Data Protection Regulation (GDPR), and equivalent international frameworks.

The purpose of this policy is to:
• Safeguard institutional and personal data collected during accreditation activities.
• Promote ethical and transparent data management practices.
• Ensure compliance with legal and international data privacy standards.
• Build trust through responsible handling of sensitive information.

Scope
This policy applies to:
• All IACDE staff, officers, peer reviewers, and contractors.
• Candidate and accredited institutions providing data during application, review, and renewal.
• Digital platforms, forms, and communications managed under IACDE’s control.

Data Collection and Use
• IACDE collects only the data necessary for accreditation, communication, and compliance purposes.
• Data may include institutional profiles, faculty credentials, financial information, and contact details.
• Information is used exclusively for accreditation and quality-assurance purposes and is never sold or shared for commercial gain.

Data Storage and Security
• All data are stored on secure, encrypted servers located within the United States.
• Access is restricted to authorized personnel on a need-to-know basis.
• Electronic transmissions are encrypted using secure protocols (SSL/TLS).
• Hard copy materials, if any, are stored in locked facilities with controlled access.

Data Retention and Disposal
• Data are retained only for as long as necessary to fulfill accreditation or legal requirements.
• Upon expiration or withdrawal of accreditation, institutional files are archived for a defined period and then securely deleted.
• Paper records are shredded; digital data are permanently erased from servers using certified deletion protocols.

Institutional Rights and Responsibilities
• Institutions may request access to their records, corrections of inaccuracies, or deletion where legally permissible.
• IACDE will confirm, within 30 business days, any actions taken in response to such requests.
• Institutions must also ensure the accuracy and confidentiality of any data they share with IACDE.

Breach Notification and Response
• In the event of unauthorized access or data breach, IACDE will notify affected parties within 72 hours of discovery.
• Immediate corrective actions will be taken, and relevant authorities informed if required by law.
• Affected institutions will receive a summary report detailing the incident, mitigation, and prevention measures.

Third-Party and Cross-Border Data Transfers
• IACDE does not transfer data to third parties unless necessary for accreditation operations.
• When international transfers occur, IACDE ensures compliance with applicable cross-border data protection laws.
• All contractors or partners are bound by confidentiality and data protection agreements.

Policy Review and Compliance
• This policy is reviewed annually by the Policy & Standards Committee.
• Non-compliance may result in disciplinary action, contract termination, or revocation of access privileges.

International Accrediting Commission for Digital Education (IACDE)
8206 Louisiana Blvd NE Ste B #10025, Albuquerque, NM 87113, USA
info@iacde.org | www.iacde.org
“Your Mission Deserves Accreditation Without Barriers.”

Policy Adoption Record
Adopted by the International Accrediting Commission for Digital Education: 06/2025
Revised: 10/2025
Editorial Revision: 10/2025