Practical Data Handling in Encore

Created by Faye for Freshworks, Modified on Fri, 30 Jan at 11:00 AM by Faye for Freshworks

Where does our data come from?

In this article, we will look at how the Digital Production team handles Data and PII in daily operations.

 

In Digital Production, we work with people's data and PII on a small-scale day-to-day basis and a large-scale event basis.

Day to day

  • Email communication with one or more customers
  • Business cards
  • Making a note of contact details

Event Driven

  • Presentations
  • Speaker Biographies
  • Participant data
  • Participant behaviour

 

How we handle our data

We approach the handling of this data in different ways.

 

Small-scale data will normally live in our Encore enterprise systems such as Outlook, Compass and Navigator. These systems are secure and Encore IT can administer them in ways that ensure that we remain compliant.

If a customer sends you a photo of a presenter (PII), you should request that they use the secure folder provided, but you can download the image, move it to the appropriate secure storage location and then delete the attachment and delete the original email (from your inbox and deleted items).

RP: Do we need to delete the email if it doesn't have PII?

You might put someone's details in your phone if it is important on show day and there may be client comms groups. These should be deleted after the event.

We must not store or keep PII beyond the legitimate time for doing so. This includes accidentally keeping information in email for projects that are now in the past. Email debris is very hard to track, but it can still lead to penalties and fines for breaching data protection regulations.

Large-scale / event-driven data must be handled using password-protected files and access-controlled SharePoint folders. Clients should be given access to a secure SharePoint folder where THEY can upload and download their data. We can then transfer it to one of our Encore platforms, which will also be secure (e.g. Chime & Content1).

 

Sharing Event Data

| Method | Safe? | Notes |
| --- | --- | --- |
| SharePoint folder provided by Encore | Safe | Sharing data via SharePoint is a safe and secure way to ensure data doesn't fall into the wrong hands. Links are sent to the client via email, and you can also designate authorized users, so even if someone manages to discover the link, they still won't have access if they're not authorized. |
| API (Automated transfer of data) | Safe | Custom connections from one system to another usually have robust security. |
| Client-provided corporate-approved file share | Safe | The client provides the Encore team access to a folder on their corporately approved file-sharing platform. |
| Password Protected Excel (emailed) | Can be safe | This is a secure way to share data, but only if the password is sent via an alternate communications channel. Do not send the password via email. Use a strong password. |
| Email attachments | Not Safe | This isn't a secure way to share data. If your account is compromised, anyone could have access. Not only that, but debris is left in the sent items and the trash folders. |
| OneDrive | Not Safe | All OneDrive files are public, and anyone with the link can access the data. |
| Google Sheets | Not Safe | With Google Sheets, the data is outside of our control, and it doesn't delete the actual data. |
| Dropbox | Not Safe | Just like Google Sheets, the data is outside of our control, and it doesn't delete the actual data. |

 

Practical steps for working with customers

Here are some key challenges we face when working with customers and their data. We can proactively manage customer expectations by sending them guidelines and a secure upload area at the beginning of a project.

 

Getting Data

Manage Expectations

At the beginning of the project, send customers a guide that contains our guidelines for handling data securely.

Jim, do we have one / can you help us create one as well as verbiage for if the customer wants to use a method that appears insecure? Jim has asked Mario and then we need to see if we can keep Concise and DP aligned as far as useful.

 

Who's who?

Identify who fulfills the following roles for the project.

  • Data Subject - usually presenters or pre-loaded participants
  • Data Controller
    • "The entity (person, organization, etc.) that determines the purpose, the why, and the how for processing personal data."
    • Usually the client
    • Be 100% clear on who the data controller is (Note: if a client uses a content agency, OUR CLIENT is the data controller and not the agency providing the content).
  • Data Processor
    • "The entity that actually performs the data processing on the controller's behalf."
    • Usually Encore

Client vs Agency - be crystal clear about who the data controller is. You can only send information to the data controller. Sometimes an agency asks to have a look at post-event data so they can package it up nicely for the client. We need to tell them that they have to get it from the client. (This can also be the other way around, where the agency is the data controller. Be sure you know who is who, so you only share data with the correct party and don’t accidentally breach data security.)

 

Secure SharePoint Folder

Set up a SharePoint folder and give access only to specific people who need access.

  • All of Encore will not need access to this data and should not have access
  • All of your department may not need access to this data and should not have access
  • All of your team may not need access to this data and should not have access
  • All of the client team may not need access to this data and should not have access

 

Email

You should not email data to customers; you should set up a secure SharePoint folder.

 

What if a client insists on using an insecure method (e.g. Google Drive) to send data?

If you are invited to access data via an insecure platform such as Google Drive or Dropbox, or you receive emails with non-password-protected attachments, you should respond to the client with a message like the one shown below.

----------

Example Wording:

Due to our data security policies and our commitment to protect PII and business confidential information, we are not permitted to access or use data that is shared via sites that may not meet our security standards or via non-password-protected files. Please upload your data to the SharePoint folder provided.

If you are unable to access the SharePoint folder provided, please password-protect the file (at least 10 characters, at least one letter, at least one number, at least one symbol) and resend it (using an alternative communication channel such as SMS to share the password), or call me to discuss alternative methods.

----------

 

Using Data

You must use data for the purpose it was provided. 

  • You can't use someone's Facebook profile picture just because you don't have their headshot (unless they have given you specific permission to do so).
  • You can't use someone's headshot from one event for an event with a different client.
  • You cannot re-use data submitted for a previous event with Encore, since the data subject only consented to that data being used for that specific event. They would have to expressly agree again (unless this is part of a series of events and the data subject gave permission for its use in the series).
  • You cannot archive or store apps, mock-ups, agendas, photos, or biographies for anticipated future events or reference, as these may contain PII and BCI. To comply with our own data security policies and GDPR, we must delete all information that we no longer have a specific and legitimate reason to hold, and consent from all individuals to do so.
    • If a client (the data controller) wishes to store this information, they may do so, but we, Encore (as data processors), are done with that data and, therefore, cannot store it, even if a client asks us to!

 

Removing Data

Data should only be kept as long as it is needed for the specific purpose for which it was provided to you.

Encore's data retention policy is to delete event data after 60 days.

Common questions:

  • Should I remove headshots after the event? Yes. Headshots are considered PII. We no longer have consent or a legitimate reason to hold that headshot on file.
  • Should I delete files downloaded to my computer from secure locations after I no longer need them? Yes. Even if the files were obtained securely, you should delete them once they're no longer needed, then make sure to empty the trash can to delete them permanently.
  • What about deleting files from SharePoint? Files should be deleted from SharePoint after uploading them to the event platform.
  • Is there a retention policy? The retention policy is 60 days from the agreed takedown of the digital platform.
    • In some cases, this ‘end date’ might be some months after the actual show dates, but it should be agreed with the client and specified within the project plan.

Common practices at Encore (Digital Production):

  • For the US, the shared folder has a folder named 'client'. That folder is automatically cleaned of PII. So as long as the Project Manager only gave the client access to a folder within that 'client' folder, it's automatically deleted and the PM isn't responsible for cleaning.

 

GDPR Specific Practices

The best practices you have learned on this page will help keep us compliant with GDPR, but there are some specific rules.

Common questions:

  • If someone requests their information, how quickly do I have to send it to them? Per GDPR, you have one calendar month from the date of the request to provide ALL of the data that the company holds relating to that individual. RP: Who exactly is responsible, Encore as the data processor or the client as the data controller?
  • If a GDPR breach occurs, who do I need to tell and when? You need to immediately escalate the issue up your management chain to a person who is trained on how to report a breach. Breaches need to be reported by Encore within 72 hours of discovery.

Act fast and don’t hesitate to escalate any suspected or possible data breaches or concerns.
