McKinney Ice Hockey Club  

Cybersecurity & Acceptable Use

Policy

Cybersecurity & Acceptable Use Policy

McKinney Ice Hockey Club (“MIHC”) maintains this Cybersecurity & Acceptable Use Policy to protect club information, promote safe digital communications, and demonstrate responsible stewardship of data for our players, families, coaches, volunteers, and partners. This policy is published for transparency and compliance purposes and applies to anyone using MIHC‑managed accounts or systems for club business.

Systems Covered

This policy covers all digital tools used for MIHC operations, including but not limited to club email and shared files (such as Office 365), accounting systems (such as QuickBooks Online), registration and team‑management platforms (such as Crossbar), design/communications tools (such as Canva), and official MIHC social media accounts. As technology changes, the Board may designate additional systems as in scope under this policy

Cybersecurity Expectations

MIHC uses reputable cloud‑based systems and has implemented multifactor authentication (MFA) on administrative accounts where available to enhance security. Users of MIHC systems are expected to:


  • Use strong, unique passwords and keep them confidential.
  • Enable MFA on their club‑related accounts when provided.
  • Keep personal devices used for MIHC business (phones, laptops, tablets) secured with a passcode or password and reasonably up to date.
  • Use caution when opening links or attachments and report suspicious messages that appear to come from MIHC accounts.


MIHC will act in good faith to address suspected cybersecurity issues involving club systems, which may include resetting access, working with service providers, and notifying affected individuals when appropriate.

Acceptable Use of Club Systems

MIHC systems and accounts are to be used primarily for legitimate club purposes such as governance, registration, scheduling, communication, financial management, and player safety activities. Users are expected to:

  • Keep communications professional, sport‑related, and consistent with SafeSport, MAAPP, and MIHC’s Code of Conduct when communicating with or about minor athletes.
  • Using club systems to share harassing, discriminatory, obscene, or otherwise inappropriate content is expressly prohibited.
  • Limit using MIHC accounts and platforms to conduct unrelated personal business.
  • Political campaigning on MIHC systems is expressly prohibted.


Accessing or attempting to access information or systems beyond what is reasonably needed for a person’s role is not permitted.

Data Protection and Confidentiality

MIHC recognizes that it manages sensitive information, including player and family contact details, limited medical or allergy information provided for safety purposes, background‑screening and SafeSport status, disciplinary records, and financial information. This information is used only for legitimate club operations and is handled in accordance with MIHC’s Data Privacy & Communications Policy and Document Retention Policy.

Access to sensitive data is role‑based: for example, finance leaders may access financial records, registrars and team staff may access rosters and contact information, and SafeSport/Discipline personnel may access disciplinary and screening information needed for eligibility decisions. Access is removed when individuals no longer serve in a given role or leave the organization.

Personal Devices and Cloud Storage

When personal devices are used for MIHC work, users are expected to keep them reasonably secure (for example, using screen locks and avoiding leaving devices unattended in public places). Whenever practical, official club documents should be stored in MIHC‑approved cloud locations (such as Office 365, Crossbar, or other designated platforms) rather than solely on local drives or personal cloud accounts.

If a device that contains MIHC information is lost, stolen, or believed to be compromised, the user should notify a Board member or designated contact as soon as possible so that risks can be evaluated and addressed.

Incident Reporting and Compliance

Anyone who becomes aware of a suspected cybersecurity issue involving MIHC systems—such as unauthorized access to an account, unusual activity on an official MIHC profile, or accidental disclosure of sensitive information—is encouraged to report it promptly to the Board or the designated technology contact. MIHC will review reported concerns in good faith and may take actions such as updating passwords, adjusting permissions, working with third‑party providers, or strengthening internal practices.

Failure to follow this policy, including deliberate misuse of MIHC systems or unauthorized access to confidential information, may lead to corrective action under the club’s governance and disciplinary processes. MIHC will periodically review and update this Cybersecurity & Acceptable Use Policy to reflect changes in technology, nonprofit best practices, and the needs of the club community.

Cybersecurity Disclaimer

McKinney Ice Hockey Club (“MIHC”) provides this Cybersecurity & Acceptable Use Policy disclaimer to explain the limits of security and user responsibilities when accessing club‑related systems and information.

MIHC uses reputable third‑party platforms (such as cloud‑based email, document, accounting, registration, and communication tools) and reasonable safeguards, including multifactor authentication on administrative accounts where available, to help protect electronic information from unauthorized access, loss, or misuse. However, no method of electronic storage or transmission over the internet is completely secure, and MIHC cannot guarantee the absolute security, confidentiality, or integrity of any information transmitted to or through its systems or those of its service providers.

By using MIHC websites, registration systems, communication platforms, and related digital services, users acknowledge these inherent risks and agree to:

  • Safeguard their own account credentials and devices, including using strong passwords and not sharing login information.
  • Notify MIHC promptly if they suspect unauthorized access to a club‑related account, unusual activity, or loss/theft of a device that may contain MIHC information.


MIHC is not responsible for cybersecurity incidents, data breaches, or losses arising from factors beyond its reasonable control, including but not limited to user behavior, third‑party service failures, or broader internet security events. In the event of a suspected compromise involving MIHC systems or accounts, the club will act in good faith to investigate, take appropriate remedial steps (such as resetting access, coordinating with vendors), and communicate with affected individuals as it deems appropriate under its policies and applicable guidance.

Confirm Delete
Click the delete icon again to confirm. Click escape to cancel.