Data privacy, data security, GDPR compliance, brand safety and all other aspects of this broad and crucial topic, have never been as prominent and important as they are now. In this article, posted on Data Privacy Day 2021, we share methods that we as an agency adhere to and indeed pioneer these sensitive aspects of our day-to-day operations.
We kick off with the CIA Triad, which is the framework that All Response Media follows. The CIA Triad should be the 3 cornerstones of any company’s security infrastructure:
Confidentiality
- This is the same as privacy. It is ensuring that confidential information does not get to the wrong people, as well as ensuring that authorised personal can still access it
- Data should be handled based on their required privacy
- Data should be encrypted, with a form of two-factor authentication to reach it
- Keep access control lists and other file permissions up to date
Integrity
- This involves maintaining the consistency, accuracy, and trustworthiness of data over its entire life cycle. This can be changing the location of a file and accidentally giving access to the wrong person, new metrics added to the data and accidental deletion of required data
- Ensure employees are knowledgeable about compliance and regulatory requirements
- Use backup and recovery software
- To ensure integrity, make use of version control, access control, data logs and checksums
Availability
- This ensures that all hardware and software is updated and repaired properly to stop the risk of data not being passed properly. This can be checking bandwidth, performing regular system updates and limiting data bottlenecks
- Use preventative measures such as redundancy, failover and RAID. Ensure systems and applications stay updated
- Use network or server monitoring systems
- In case of data loss, ensure a data recovery and business continuity plan is in place
Consent Management Platforms (CMPs)
We of course strive to be GDPR compliant at ARM, and one of the ways we achieve this is by using a CMP, as well as regularly updating our privacy and cookie policies. This ensures that we are being completely transparent about how we are tracking our users and customers, and give them full control over how and where they are tracked. A CMP is a banner that appears on your website upon a visit, which requires explicit consent to be given by the user before any cookies are dropped. To some users browsing the internet, they are an ever-present nuisance. However, they are now essential and serve an important purpose as it pertains to user privacy and control. An example of a CMP in action is shown in the image below:
There are many free tools available that can offer this message, but we have decided to create our own to make sure the functionality is aligned with the custom creation of our website.
Cookies need to be easily categorised by:
- Marketing: User-level data collected for the purposes of targeting and re-targeting
- Analytical: Aggregated data used for reporting purposes
- Necessary: Required cookies to ensure the website can work properly. These cookies cannot be rejected
- Functional: Allows for the personalisation of the website for a user, such as saving a basket containing chosen products
How are ARM tackling GDPR to support our clients?
Tag and cookie audits:
- Analysing all tags and cookies being used across a client’s website
- Categorising all cookies based on CMP categorisation (above)
- Offering a full description of how each cookie is being used
- Cookie audits are required for creating and managing your privacy policy content, cookie policy and setting up your CMP.
ARM utilise software in-house that is dedicated to cookie identification, as well as a team of GDPR and tagging specialists that can offer a cookie table with clear descriptions and categories which can be uploaded straight into a cookie policy. This is a specialist service we offer outside of media retainers to support our clients.
Secure data passing and storing:
- S/FTPs are created by ARM as a way for clients to pass data securely to ARM, which is held in the FTP securely until we can extract the data
- ARM servers are used to create databases per client, which securely hosts the data and only allow visibility to selected users, both for clients and within our agency
- Within our proprietary campaign measurement and analysis suite, ARMalytics, the ARMoury function is an accessible storage location, similar to an SFTP, which allows for secure data passing between ARM and our clients
- If data is passed with personal data which is required by ARM, or covered by a Data Processing Agreement (DPA), then it is immediately and securely deleted from our servers with all backup files removed.
At All Response Media, we strive to ensure that our data meets the standards outlined in the CIA Triad. Securely storing and passing data using custom-built secure locations, checking data regularly to ensure only the correct people can see the correct data, and making the data available to our clients and internal staff easily and securely. This whole process is underpinned by our proprietary technology stack, ARMalytics.
If you would like more information on this topic, or indeed have any questions regarding anything covered in this article, please reach out to your ARM team.
Read more on our specialist data and systems.