Data security is a phrase that seems to be on everyone’s lips these days, with a news report about the most recent breach of customers’ personal information seeming to pop up almost every week. In the marketing research industry, where companies handle the personally identifiable information for thousands, if not millions of consumers, data security must be an absolute priority.
SOC2 Type II certification is awarded to companies that have proven their systems are designed to keep sensitive data secure. Controls can be assigned to one or more of the following areas: security, availability, processing integrity, confidentiality, and privacy.
Each of these areas require that the company in question adhere to rigorous processes and system structuring when dealing with customer data. In order to qualify for SOC2 Type II certification, a company must submit to an initial evaluation followed by an annual audit by a third -party firm that encompasses all of that company’s internal control policies and practices over the course of the previous review period.
Living and working as we do in the “digital age”, it’s easy to get comfortable transmitting data back and forth, especially since the means to do so have expanded, allowing for quick transfer of even very large files. It’s as quick as the click of a button to send a file of your customers to your research provider in an email so that data collection can begin.
But it’s critical that you don’t, as an email can be easily intercepted, and its contents extracted by a sophisticated hacker, and then you’re responsible for the exposure of your customers’ information to an unknown party.
SOC2 best practices when sending emails include:
- Never send emails containing personally identifying information (PII) or other information that you need kept confidential. Use a secure file transfer protocol (SFTP) instead.
- Never send passwords in emails, unless the email is encrypted using a recipient authentication process.
- Incoming email should be treated with care due to its inherent information security risks. No email attachments should ever be opened unless you both a) know the sender and b) are expecting the arrival of said attachment. Hackers can easily “spoof” an email to make it look like it comes from one of your contacts and trick you into sharing sensitive information.
Click on the link below to read more about SOC2 Type II certification and why it’s considered a best practice for data security: