We understand the importance of privacy and security in any product that handles and displays data on people. To that end, we have taken measure to ensure that all data is stored and processed securely. We also emphasize that the end user is in control of their data.
All data is encrypted, both in transit and at rest. The public and corporate directory data are stored in separate databases in separate virtual private clouds (VPCs) to ensure that there can be no unintentional overlap or integration of the data sources. Data encryption keys are managed through the Amazon Web Services (AWS) Key Management System (KMS). They remain in AWS and cannot be downloaded or exported, meaning that nobody has direct access to the keys; they are managed by a restricted set of engineers. The public and private data sources have separate keys to further ensure secure data separation. Data is end-to-end encrypted from server to browser. Directory data will only be shown to other members of the same organization, maintaining data privacy.
Table 1 outlines sources of personal data and how personal data is encrypted. Table 2 details the retention policy. Table 1. Personal data processing and encryption
Table 1. Personal data processing and encryption.
Table 2. Retention policy
There are three primary ways in which the data included in a person’s profile may be updated:
New or updated data is discovered on the public web. The Accompany algorithms constantly explore the web, looking for new pages and for updated information on existing pagers. This data is ingested on a continuous basis. For example, if you were to speak at a conference and had a biography posted on the conference website, that bio and that conference talk might well be discovered and included in your People Insights profile.
While the underlying data sources may change, thereby updating a profile, ultimately, the user has full ability to edit or override that information. The automatic data updates serve only to ensure we are presenting the most complete and up-to-date profile possible without the users having to continually manually update their profile for any changed information. The one exception to this policy is news data. Users can hide news about themselves from their profile, but the People Insights feature does not allow editing of news.
In the case of data deletion, since all data displayed appears first in another source, we recommend you also correct data at its source (for example, if you no longer wish to be shown in your company’s directory, you must work with your directory administrator on removing that data or hiding it from display). Regarding public data, i.e., data that has been obtained from a public source on the web, such as a company team page, users can hide any and all such data.
It is important to note that we hide the data from all view, rather than purging it from our systems to ensure that if similar data is discovered again, we hide that as well. For example, if you speak at a conference and post a biography, then choose to hide the biography in your People Insights profile, we must keep a record of that information so we know to hide if we find it from another conference page. This ensures data remains hidden more effectively and across a wider range of scenarios. If instead, a user wishes to have current profile data fully deleted from the system, any user may make this request at any time by opening a Cisco TAC case. However, note that having purged the data from the system, it may reappear if discovered again elsewhere on the web. Once data is edited or hidden, the changes will be reflected immediately upon refresh of the person’s profile. This is true for yourself and for any other users who may be looking at your information. In creating these automated systems to discover and assemble person profiles we aim to make your life easier, but not at the expense of your autonomy. Our support team is happy to answer any questions or help with any data requests: simply send an email message to support@accompany.com.