Protection of PII

Casino Royale

 Protection of Personally Identifiable Information Statement 

Casino Royale takes very seriously and understands the need to keep our Patrons Personally Identifiable Information (PII) private.  Casino Royale takes several steps to insure the confidentiality of our patrons Personally Identifiable Information and protects that information in several ways:

• Every new employee hired is required to sign, a Confidentiality and Data Encryption Requirements document.  This document is part of the New Employee Handbook that is kept by Casino Royale for the period of time as is required by law for maintaining employee records. A copy of this document is available upon request.
• Casino Royale maintains a database containing the PII of our Hotel guests and also maintains a separate database containing the PII of our gaming patrons.
• Casino Royale maintains a web site.  Our web site does not contain access to either of our databases, nor to any patron PII information.  There is no “Sign Up” page or link to our databases. The web site is strictly to provide general information regarding our facility and also provides a link to Best Western for patrons wanting to make reservation to our Best Western hotel.
• Our Player Club cards contain no information regarding a patrons PII.  If a Club Card is lost or stolen and the PIN is determined, there is no Personally Identifiable Information disclosed by that process.
• For our gaming guests, all PII is maintained in the Casino computer system database.  Access to this information is made via Active Directory user accounts that are controlled by IT personnel and by application computer accounts that are maintained by our User Account Administrator.
• Physical access to the computer systems are behind locked doors and access is accompanied by a casino security officer or other pre-authorized casino IT staff.  Each access by a visiting vendor or other casino guest is logged.   Physical access is also monitored by a security camera.
• Alerts of any non-authorized access to computer database files outside of normal gaming application access are configured so that IT staff is immediately made aware of the access.
• Casino Royale is required by the Federal Government to submit certain electronic forms as is required.  These electronic forms contain patron PII including: Name, address, phone #, social security and other PII data.  Specific software tools (including active directory) are used to insure that such stored data is not accessed in any way other than by the specific domain users that have been assigned access to this information. Logs pertaining to such unauthorized access are maintained by the IT Assistant and reviewed weekly by the IT Assistant and system administrator.  
• Transmittal of these forms to a Federal Government site is provided by highly secure means approved by the federal government.
  

In the event that a security breach of our computer system has been identified, we will immediately take several steps:

• Notify State and local authorities of the breach and the extent of the data loss
• Provide a notification on this web site regarding the breach and the extent of the data loss
• Make every effort to determine the source of the breach and prosecute all involved parties 
• Make every effort to recover the data and determine if the data has been compromised
• Casino Royale maintains contact with the U.S. Department of Homeland Security, the Southern Nevada Counterterrorism Center and the FBI Las Vegas Field Office, receiving regular correspondence from them regarding the protection of Patron’s PII.