Your customer data is a high-value asset that is essential to enhancing your business. It is also very sensitive and requires the highest level of confidentiality.
Synamedia understands the importance of ensuring data privacy vis-à-vis your organization, your customers, and regulatory authorities. Rest assured that Credentials Sharing Insight (CSFEye) is compliant with GDPR, enabling the analysis of valuable customer data and the derivation of actionable insights with a clear conscience.
CSFEye is a cloud-based user behavior analysis solution that identifies accounts where your service is being shared contrary to your license agreement. The solution handles various use cases to minimise the impact of credentials sharing on your business.
Despite the sensitivity of the information it leverages, CSFEye ensures data confidentiality. As a data processor, the solution utilizes multiple customer data points to identify sharers and analyse their behaviour. Some of these data points appear on the solution’s dashboards to present a sharing “situation picture” to help you take appropriate action.
In order to process and analyse user data, it is also important to identify those data points that can be traced back to each individual. CSFEye requires three such points – subscriber ID, device ID, and device IP address. The three fall under the rubric of personal data/ personally identifiable information (PII), which represents the primary area of concern of GDPR and other privacy regulations worldwide. And the three are the focus of our GDPR compliance efforts.
We ensure that your sensitive PII data remains secure in various ways.
While we keep all of our customer data encrypted, the subscriber ID and device ID are unique numbers that identify each account holder and her/his devices respectively. To ensure that these two data points remain confidential, we require the data controller (i.e. service provider) to encrypt them through hashing. This obscures that data wherever it appears and whenever it is used for analysis, thereby preventing it from being tied back to the user’s individual or household identity.
The Internet Protocol address identifies the subscriber device connection. Unlike the obscured subscriber ID and the device ID, the IP address must remain fully intact in order to identify sharers’ behaviour accurately. As such, we remove that data point entirely from the CSFEye dashboard, while securely storing it in our database.
As a company fully committed to ensuring data privacy, Synamedia even secures data that is not traceable or subject to GDPR compliance.
In addition to securing PII data, we maintain a set of complementary best practices when deploying CSFEye to give you even greater peace of mind.
Since CSFEye is a multi-tenant solution, it processes enormous amounts of information from multiple data controllers. To ensure that information from one data controller is isolated from others, we store the data of each client in its own AWS bucket. This not only ensures the separation of data but also enables fast and accurate data removal when requested.
CSFEye encrypts data at both the storage and transport stages to guarantee that it is secured at all steps of the data processing.
Synamedia employees’ accessibility to data passing through CSFEye data is restricted on a need-to-know basis with each individual requiring credentials to access it. This minimises the risk of data exposure while ensuring that Synamedia audits and logs all employee access to client data.
Each Synamedia employee who works with CSFEye’s dashboards receives access privileges based on her/his role.
We back up all information to eliminate the possibility of data loss.
We remove the entire tenant from our records when requested by the customer.
Unless otherwise requested or in the event that a client stops using CSFEye, we retain PII data for five years and then destroy it.
