Data Privacy Day 2020 - An Open Letter
On the occasion of this Data Privacy Day 2020, I want to take the opportunity to not only thank you for your continued business but to emphasize the priority we place on data privacy. This is a central tenet to how we operate and to that end, I want to share with you some of the key privacy and security measures we have put in place at Environics Analytics.
We are operating in a dynamic, data-centric business environment governed by evolving privacy legislation. We are fully committed to executing our business within these parameters but also in ensuring that we act well beyond just basic compliance requirements. Our clients should expect the highest privacy and security standards from us and we are always more than happy to discuss our policies and practices with you in detail. In the interest of brevity, I have summarized below some of the actions we have taken to raise the bar in this area.
1. Preparedness.
Our approach is proactive rather than reactive. We do not wait for privacy risks to materialize but aim to prevent risk from occurring.
· With the rise in regulations, our Privacy Office is focused on navigating all relevant regulatory changes.
· Through due diligence, we have enhanced our evaluation process to assess privacy risk. The goal is to identify and classify risk before issues can happen.
· Engaging with TrustArc for the TRUSTe Enterprise Privacy Certification
· We continue to embed privacy into the design and architecture of our products, IT systems as well as business practices and ensure privacy is an essential component of the core service and value we deliver.
2. Transparency.
Transparency and privacy go hand in hand. Increasing transparency on how and why data are collected, and how they are used benefits us in how we manage data within the organization. We have taken the following measures to build transparency – and trust - with our clients:
· Updates to the Environics Analytics website privacy notice to feature simplicity, accessibility and an overall more transparent approach.
· Through privacy and security training, we have increased our staff awareness regarding privacy laws, policies and procedures.
· We are actively engaged in industry associations and at various government levels in promoting the value of responsible data use and how data can be used for social good.
3. Privacy Principles.
Environics Analytics values and adheres to a comprehensive set of principles that enable us to be an active member of the privacy compliance community.
· We use 100% privacy compliant data as inputs for product development.
· Personal information provided to us by clients is used solely for their business and is safeguarded in client-specific firewalled locations in secured data centers.
· Data are only used for the purposes for which the provider consented.
· We comply with legal obligations in relation to the retention, where data shall not be kept for longer than we determine reasonably necessary, and destruction in accordance to NIST Guidelines for Media Sanitization.
· No data are shared with a third party under any circumstances unless there was explicit consent to the sharing.
· Data we produce at the postal code level are modelled based on accepted statistical processes and are not aggregated from personal data.
· We achieve and maintain the highest standards of compliance with favourable SOC1, SOC2 and HITECT/HIPPA audit results.
· We operate in accordance with strict and formal privacy and security policies and procedures, which are consistent with Canadian, U.S. and E.U privacy laws and regulations (PIPEDA, GLBA, CCPA GDPR included).
In this era of data-driven decision making, nothing is more important than protecting the privacy and security of data that comes into our company and using data responsibly to create products and provide analysis for our clients. A key component in ensuring this is to make sure that each and every employee adopts the principles of privacy and security in their day-to-day workflow and in how they conduct themselves.
As an organization, we promise to continue our investment in programs, audit practices and information security to ensure that your data are handled in a way that is compliant with the laws, that respects consumers and that enables you - our clientsâ - to make better decisions.
Wishing you a happy and secure Data Privacy Day 2020.
Jan Kestle is the Founder, President and CEO of Environics Analytics, Canada’s leading data analytics and marketing services company. She is a member of the Canadian Statistics Advisory Council, the Board of Directors of the Canadian Marketing Association and the Advisory Board of Ryerson University School of Geography.
Environics Analytics is represented on the Canadian Marketing Association’s Privacy and Data Advisory, Standards Council of Canada - Canadian Data Governance Standardization Collaborative, GDPR Working Group, and the International Association of Privacy Professionals.