Let’s take a minute to talk about some information security acronyms like PII and GDPR. Come on, it’ll be fun!
On May 25, 2018 the European Union will implement the General Data Protection Regulations (GDPR), invoking tough new rules for how enterprises gather and use EU citizen information so consumers can better control their personal data. As the Washington Post points out, EU consumers under GDPR will have stronger privacy than many in the US, including free access to data that’s been collected on them and detailed information about how it’s being used. Companies will destroy data when it is no longer needed for the original task. Consumers can contact the entity that controls their data to request access to it. (The appropriate contact info must be provided to consumers whenever information is collected.)
As enterprises doing business with European customers scramble to comply with GDPR, I’m pleased to say that Glance takes every effort to ensure that we comply with the stringent requirements of GDPR, to ensure the protection of its customers’ data.
Let’s take a quick, big-picture look at our approach to security and Personally Identifiable Information (PII). This is a topic our enterprise customers often ask about.
See how Glance protects customers’ personally identifiable information.
Glance Follows a Simple Data-privacy Rule
As a Software-as-a-Service provider since 2000, Glance Networks has followed a simple data-privacy rule: the personal data of the users of the businesses we serve (our customers) belongs to them. As custodians of their data, Glance is committed to preserving each user’s privacy. We are committed to earning and maintaining the trust of both our customers and their users that we will preserve everyone’s privacy.
Glance has continually invested over the years to keep up with evolving privacy regulations. Glance is a certified Privacy Shield organization under US Department of Commerce rules, and a Level 1 Validated PCI DSS (Payment Card Industry Data Security Standard) Compliant Service Provider.
We Serve Our Customers and Their Users without Gathering PII
The best way to ensure customer privacy is to avoid storing sensitive data.
To that end, Glance never records the contents of a screen sharing or co-browsing session. The session data itself is encrypted while in motion and is never “at rest,” meaning it is never saved. Glance strongly encourages every customer to use industry-standard single sign on (SSO) mechanisms, such as SAML 2.0, to eliminate the need for Glance to store customer logins or passwords. Glance also lets each customer mask sensitive user information that may appear during a session, such as credit card number or taxpayer identification number. The contents of masked elements never touch the Glance service, ensuring complete privacy.
And while some companies may ask users for their name, telephone number, or email address, in general, an IP address is the only information Glance needs to make the service operate. Glance automatically purges those IP addresses within three months, using secure deletion methods. Names, telephone numbers, and email addresses gathered on behalf of Glance customers are automatically purged after six months.
GDPR Ready – We Assure Full User Control and Visibility
Glance gives individuals full control over the minimal amount of information we do store. Anyone can ask Glance about any information about him or her that is held in our system, or to erase it, at any time. Simply send an email to our team at firstname.lastname@example.org.
Bottom line: Glance fully supports our clients’ rights to privacy, and is a strong advocate of an individual’s ability to control their information.