Our Data Privacy and Security Policy
Protecting the privacy of our clients, our clients employees and students, our partners, and any IData sales lead or prospect is fundamental to our mission and business. The following summarize our promises to you.
- We will never sell your data or student data.
- We will not share your information without your consent
- We will only send marketing to individuals that have opted-in for contact.
- We will honor all requests for opt-out.
- We use the latest security industry best practices to protect you.
- We are transparent about our practices and will notify you if things change.
- We are compliant with FERPA and the principals of GDPR (EU).
Client Data Security Policy
Any client data accessed or processed by IData staff or through any IData application not managed directly on-premise by a client will be handled under this IData privacy and data security policy.
Data may fall into one of several categories, which dictate how the data must be handled and protected:
- Sensitive Data - Information received from a client that the client has not shared with the general public. (i.e. connection details & credentials) or internal IData information not openly shared inside or outside of the company and known to only a select group. (i.e. Salary information, bank account numbers, performance reviews, etc)
- Public Data - Information shared with the public or generally known by the public. (i.e. information on the IData marketing websites, information available on a client's public-facing website)
- IData Proprietary Data - Any information about how IData operates, trade secrets, client lists, strategy documents, etc, not known by the public but shared internally.
Sensitive Data should only live in places necessary for regular business operations. Only servers or laptops with a strict BUSINESS need for sensitive data should house that data. Access to databases containing sensitive data must have strict firewall rules in place to only be accessed from servers that need it for business operations. Access to data systems containing sensitive data will be monitored and logged. Employee and contractor devices should never contain client sensitive data unless absolutely necessary and then only for a temporary timeframe. Data should be promptly deleted after the temporary timeframe passes or the need no longer exists. Any hard drive or other media upon which client sensitive data is stored must be encrypted. Application security testing (for IData-developed applications) must be performed on a regular basis to prevent accidental or unauthorized access to this data through the application itself. Client passwords and other data should be shared through a secure method. Clients should be encouraged to follow this practice instead of sending data via email. Unless necessary for regular business operations test systems must only contain test or development data and must not contain production data.