How Insightech protects user privacy and PII

Protecting users’ privacy and maintaining the highest data security standards are central to everything we do at Insightech. However, it is equally important for you to be informed about the industry's best practices, and what strong data security and user privacy should look like. Data security best practices ultimately come down to the comprehensiveness, flexibility, and transparency you get as a customer.

Here are the best practices for ensuring you have the highest standards for user privacy and data security:

1. Know what your data platforms collect, and why

When adding insights and optimisation capability, it is important to make sure that this doesn’t sacrifice the privacy of your users or data security. The beauty of Insightech’s single-tag approach is that you get all of the benefits of time saved on implementation, and fast insights and optimisation capability, without sacrificing users’ privacy or data security.

2. Automate the encryption/masking of personal data

Having the majority of your data proactively and automatically encrypted is a fundamental strategy that should always be incorporated into your user privacy and data security processes. Insightech automatically encrypts all form fields and anywhere users input personal information across your website, including names, passwords, email addresses, and more. Insightech will also automatically encrypt any instance of email addresses shown to customers across your website. This core approach is used to ensure user privacy is upheld, without you having to lift a finger.

3. Choose platforms that can be customised to your specific needs

Your business needs are unique, so you should always look for the ability to customise your data collection, storage, and encryption to meet those exact needs. Insightech offers this through custom encryption of any content across your digital environments, and by allowing you to customise the data captured or stored for you. This is incredibly important, especially when considering regional laws like GDPR, or industry regulations for financial or medical data.

4. Data should be encrypted before it is ever sent/logged

Sending/logging data before it is encrypted defeats the purpose of encryption. In most cases, this will still breach user privacy, and it also leaves an easy way for that encrypted data to be reversed and for user privacy to be undone. This is why Insightech completes all of its encryption in the browser, on the client side, to ensure that data is encrypted both in transit and at rest, before it is ever sent or logged.
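The ordering described in points 2 and 4, as an added example that is not Insightech's code: form field values and on-page email addresses are masked before the event is built, so the serialized payload never holds the raw values. It assumes one-way masking with `*` rather than reversible encryption, and the function names, the snapshot shape and the `transport` callback are hypothetical.

```javascript
// Added example, not Insightech's code. Masking here is one-way replacement.
const EMAIL_RE = /[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}/gi;
const PASSWORD_MASK = "********"; // fixed width so password length is not leaked

// Mask a form field value: every non-whitespace character becomes '*'.
function maskFieldValue(field) {
  if (field.type === "password") return PASSWORD_MASK;
  return String(field.value ?? "").replace(/\S/g, "*");
}

// Mask email addresses that appear in rendered page text.
function maskEmailsInText(text) {
  return text.replace(EMAIL_RE, (m) => "*".repeat(m.length));
}

// Build the outbound event from a page snapshot. Raw values never enter the
// returned object, so nothing downstream can send or log them.
function buildMaskedEvent(snapshot) {
  return {
    fields: snapshot.fields.map((f) => ({
      name: f.name,
      type: f.type,
      value: maskFieldValue(f),
    })),
    text: snapshot.text.map(maskEmailsInText),
  };
}

// Serialize only after masking; `transport` is a hypothetical send function.
function sendEvent(snapshot, transport) {
  const payload = JSON.stringify(buildMaskedEvent(snapshot));
  transport(payload);
  return payload;
}

// Constructed sample snapshot (not real user data).
const sampleSnapshot = {
  fields: [
    { name: "full_name", type: "text", value: "Ada Lovelace" },
    { name: "email", type: "email", value: "ada@example.com" },
    { name: "password", type: "password", value: "correct horse" },
  ],
  text: ["Signed in as ada@example.com", "Your cart has 2 items"],
};

const sent = [];
sendEvent(sampleSnapshot, (p) => sent.push(p));
console.log(sent[0]);
```

A quick check for any tag of this kind is to search the outgoing request bodies in the browser's network panel for a value you typed into a form; it should not appear.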

5. When in doubt, store your data locally (in your region)

Data sovereignty is paramount, and its requirements can change depending on the industry you work in. Industries like Financial Services or Healthcare can also be strict on where specific types of data can be stored, and government bodies can often impose heavy fines or repercussions for breaches of this.

Insightech provides the ability to store data at a local level in most countries across the world. This removes any risk of unnecessary international data breach issues, or government regulation issues that you will want to avoid.

6. Data removal should be quick, and simple

Insightech provides a fast and easy way to request the deletion of any data that is collected. Luckily, with the platform’s proactive approach to encryption, this is typically not needed, but having the ability to remove data quickly adds an extra layer of protection around user privacy and data security. Storing data locally also significantly reduces any risks.

7. Your servers should adhere to the highest security standards

Insightech works with Google Cloud as its key partner to uphold the highest security standards for server security and compliance. This includes adhering to independent verification of their security, privacy and compliance controls.

This also includes a full set of compliance offerings like ISO/IEC 27001/27017/27018/27701, SOC 1/2/3, PCI DSS, VPAT (WCAG, U.S. Section 508, EN 301 549) and FedRAMP certifications, and alignment with HIPAA, GDPR, and CCPA, among others. You can read more about Google Cloud’s compliance offerings in their compliance resource centre.

Next steps

Review the platforms that you use to make sure that there are no risks for data security breaches, and make sure that you are aware of all local and regional laws.

If you would like more detailed information on how Insightech is continuing to uphold a high standard of data security and user privacy, simply reach out.