CMBI know that data protection and privacy are mission-critical considerations for every organisation. Companies need to protect their customers, adhere to company policy, and comply with a growing body of national and international legislation and standards. At CMBI, we are committed to helping our clients maintain and enhance their data protection standards. This document states our privacy objectives, working practices, and the practical steps we take to protect data and uphold privacy standards.
CMBI’s privacy and data protection policies and procedures are founded on the following four key objectives:
Privacy and data protection requirements are continuously evolving. CMBI welcome feedback on this privacy policy and any suggestions for extending or improving data protection working practices.
When we use email communication, we will try to minimise embedded client data in our emails through the following steps.
Where possible we will use a link to an asset on the clients’ network or a secure cloud storage location rather than include an attachment or screenshot.
If we must include an attachment that includes sensitive data, we will encrypt that attachment in a zip file and send the password via another independent communication channel (e.g. text message).
If we must include screenshots, we will blur any personal data and minimise visibility of any irrelevant items in the screenshot through blurring or cropping.
We will encourage our clients to use these techniques to minimise sending sensitive information via email.
We use Gmail to host our email. We protect our email logins with two-stage Google authentication.
Our engagements frequently involve creating secondary repositories of data for reporting and analysis.
We have a strong preference to host secondary data repositories on the clients’ existing managed infrastructure.
Whenever possible, we will import data verbatim from source systems to avoid misrepresenting data in the secondary repository, and to maintain transparent data lineage.
We prefer to truncate and reload data from source systems into secondary repositories so that the secondary repositories reflect all deletions and updates in the source systems.
We have a strong preference not to import customer names, first lines of addresses, or other sensitive data into secondary repositories, or, where we do import them, not to expose this information in cubes, reports, or other client facing outputs.
Our strong preference is to work through a secure VPN or remote desktop directly on our client servers rather than copy client assets onto CMBI computers.
Sometimes we must work with client data and assets on our CMBI computers. We maintain the following standards on CMBI computers.
CMBI encrypts computer storage drives with Microsoft Windows BitLocker protection.
CMBI protects machines and phones with Norton anti-virus.
CMBI encrypts USB and backup drives with Microsoft Windows BitLocker protection.
CMBI computers are password protected. CMBI use non-admin accounts for routine development work.
CMBI will store a copy of source code created during the engagement on secure CMBI storage. We do this to assist with long-term support and maintenance.
Our clients will manage access to, and security of, the BI solutions we build. To make this feasible, we have the following preferences for security.
Whenever possible, we recommend Windows integrated authentication for clients with an Active Directory, Windows-based network.
We generally recommend object-level security in preference to data-level security. This means we prefer to define access to objects like a database, cube, schema, or report, rather than data-driven security. Object-level security is more transparent, easier to define, easier to audit, and more robust if there are unexpected changes to data.
You have a right to access your personal information, subject to exceptions allowed by law. If you would like to do so, please let us know. You may be required to put your request in writing for security reasons. CMBI reserves the right to charge a fee for searching for, and providing access to, your information on a per request basis.
CMBI welcomes your comments regarding this Privacy Policy. If you have any questions about this Privacy Policy and would like further information, please visit our contact page.