Celebrating Data Privacy Week
This past Sunday, January 28, we celebrated Data Privacy Day, which marked the start of a week where we can expect to see thought-provoking content raising awareness around the topic of data privacy across various media platforms.
Overview
Privacy holds different meanings for individuals in various contexts, such as work, family, online interactions, and public spaces. Global Data Laws and Regulations also define privacy and its scope differently. This variability makes establishing a universal standard challenging, especially for developing data products and services.
However, the field of privacy is gaining recognition and becoming increasingly important. Check out this fascinating study and article from Cisco’s Privacy Center of Excellence. It highlights the growing significance of privacy as a key enabler of customer trust.
What used to be a niche specialty has now gained recognition and importance. For example, the fact that universities are now offering privacy-focused courses that combine Computer Science, Business, and Law is a sign that this field is expanding beyond the legals of data regulation compliance and more into the practical application of privacy in products and services that are powered by personal data.
How we prioritize privacy and security in our products and services
At ActiveProspect, we deeply value privacy and security and we are constantly working to ensure they are a priority in all the products and services we provide.
The TrustedForm service helps website owners and customers document, analyze, or archive product or service registrations and the visitor interactions occurring around consent to contact notices, terms, and disclosures on webpages.
We help customers make more informed and compliant decisions about outreach to individuals who consent to be contacted by email, text message, phone call, or postal mail.
We do not sell personal data or use it for any purpose beyond the contracted processing, analysis, or transfer services. ActiveProspect does not sell website webform data or personal data to other parties. We are a service provider processing customer owned or customer directed data under contracted terms and on behalf of customers.
We do not sell consent to contact transaction personal data to third parties for any other marketing purposes including online behavioral cross-context advertising or targeted advertising. TrustedForm’s data intended is used for lead generation processing, consent to contact transaction documentation, and related data analysis use purposes only.
Check out our range of products, functions, and features designed to bring individual consumers and businesses enhanced transparency, responsible data processing, confidentiality, information security, and privacy-focused solutions.
Confidentiality and privacy in data use
- Data submitted to our LeadConduit, TrustedForm, and LeadsBridge platforms remains under client ownership, control, and direction. We do not sell personal data or use it for any purpose beyond the contracted processing, analysis, or transfer services.
- TrustedForm supports website domain ownership verification features.
Secure data retention and deletion
- We only retain client LeadConduit submitted “lead data” for 90 days, ensuring it’s available for processing, analysis, and decision-making before being marked for deletion.
- TrustedForm has defined data retention periods of 3 days and 90 days or up to 5 years for Retain product lead data. The latter retention period is for client compliance consent management and transaction purposes.
- LeadsBridge client “lead data” is generally not stored or retained after the source-to-destination data transfer confirmation. Some bridge configuration standards however do have a 90 day retention period defined to allow reasonable time for error correction, backup, and restore functionality.
Privacy-compliant notices, choice, opt-in consent
- Our TrustedForm Verify tool assists business customers with compliance functions by analyzing webform language sources (first-party or third-party) for notice and consent language aiding compliance with consumer data privacy regulations like the US Telephone Consumer Protection Act (TCPA).
- TrustedForm consent capture can also function in mobile apps that support common Lead Ads standards. We believe Lead Ads are more transparent or provide consumers a clear choice and consent mechanism for the sharing of personal and contact information when interested in being contacted about a product or service in digital ad experiences.
Limited data sourcing and collection
- TrustedForm’s Certify services only run on client webforms or partner mobile app Lead Ads forms.
- The TrustedForm service does not participate in any cross site tracking or consumer profiling. The TrustedForm service is not running site wide or profiling consumer’s online site-to-site visits and behaviors.
- Other webform consent capture services use their service for consumer profiling and online behavioral shopping intent signals. We find it rather unsettling, devious, lacking transparency, and failing to support online or digital consumer privacy.
- TrustedForm service is not a web browser cookie-based solution and is aligned with web browser depreciation of third-party browser cookies tracking.
- LeadConduit service supports lead source token authentication for API data exchange. It allows clients to only receive and analyze authorized lead sources.
Compliant data transfer mechanisms
- Our practices include adhering to cross-border EU-US Data Privacy Frameworks and employing encryption in transit for security.
Data masking and obfuscation
- We offer sensitive data field flagging features, such as LeadConduit Sensitive Data Fields Hashing and TrustedForm PII Masking.
- In a TrustedForm consent Session Replay, sensitive data fields can be flagged with ****** marks for visual reference. This feature ensures the data remains confidential, invisible, and unrecorded in TrustedForm.
- Some LeadsBridge services affiliated with social or digital advertising mask or obfuscate data fields in reporting to allow transaction validation while limiting PII identification.
Continuous security monitoring, alerting, auditing, and reporting
- ActiveProspect attests to a series of security, availability, and confidentiality internal controls, continuously monitored and independently audited to our SOC2 controls report annually. If you would like to see our security controls and policy procedures, please view our Security and Trust Portal.
- Here you can find more information about our SOC2 and what it means.
- ActiveProspect also provides status and availability of our SaaS services on our Status page.
- ActiveProspect services are continuously monitored for security events and vulnerabilities. We perform routine security penetration testing on our SaaS platform services. Pen Tests involve independent security services and individuals who scan our application looking for weaknesses and ways to access the application or data. Findings are shared in a detailed report and we work to promptly address and resolve findings from the penetration tests.
Data Subject Requests (DSRs)
- Even as a service provider, we have procedures to help support and fulfill client Data Subject Requests, including data deletion requests of client or partner controlled data. Any data subject request can reach our privacy office for review and actioning at [email protected].
A strong commitment to privacy also in our core values
Privacy-focused elements are deeply embedded in many of ActiveProspect’s core values.
Leads ARE People
We understand that the leads we handle represent real individuals – people who could be our own friends and family. Unlike typical marketing companies that prioritize their own business interests over consumer privacy, we put the consumer first. We shape our strategy with this mindset and go to great lengths to safeguard the interests of these leads and the consumers themselves.
Transparency Drives Trust
ActiveProspect operates with complete transparency, believing that clarity fuels progress. As individuals and as an organization, we are upfront and fully transparent about our actions, leaving no room for hidden agendas.
Competence Creates Confidence
We believe in practicing what we preach. Our customers and teammates rely on us to be the leading experts in consent-based marketing. We achieve this by excelling in our field and sharing our knowledge with others. As lifelong learners, we understand the importance of staying humble and constantly expanding our knowledge.
Together is Better
To reach our destination, we set our sights on the collective goal. We foster collaboration, recognizing the power of joining forces for even greater achievements.
Conclusion
You may have come across the saying “Privacy is Hard” in various discussions over the years, particularly in the realms of application and product development. At ActiveProspect, we fully acknowledge the complex nature of meeting privacy requirements, and we’re determined to face this challenge head-on.
We’re thrilled about the journey ahead, which involves knowledge sharing, creative collaboration, and countless opportunities. By placing renewed emphasis on privacy considerations in our products and services, we aim to provide a secure environment for our clients, partners, consumers, and the wider community who rely on us as trustworthy guardians of their data.
Wishing you all a Happy Data Privacy Week!