Security & Data
Last updated: August 13, 2024
Processes to Protect Customer (PII and Non-PII) Data
Protecting customer data is paramount for DealerLeads. We have implemented a range of processes and protocols to ensure the security and privacy of both Personally Identifiable Information (PII) and non-PII data. Here’s an overview of our data protection measures:
Data Encryption
- Encryption in Transit: All data transmitted between our systems and clients is encrypted using TLS (Transport Layer Security) to protect against interception.
- Encryption at Rest: Sensitive data stored in our databases is encrypted using the Advanced Encryption Standard with 256-bit keys (AES-256) to prevent unauthorized access.
Access Control
- Role-Based Access Control (RBAC): Access to customer data is restricted based on user roles and responsibilities. Only authorized personnel have access to sensitive information.
- Multi-Factor Authentication (MFA): MFA is implemented for all systems accessing customer data to add an additional layer of security.
- Least Privilege Principle: Employees and systems are granted the minimum level of access necessary to perform their tasks, reducing the risk of data exposure.
Data Anonymization and Masking
- Anonymization: PII is anonymized wherever the data is not needed in identifiable form, so that customer identities are protected.
- Data Masking: Data masking techniques are used in non-production environments to protect sensitive information during development and testing.
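The masking and pseudonymization described above, shown as an added example that is not DealerLeads' own code. The field names, sample rows and the in-memory key are constructed assumptions; in practice the key would come from a production secrets store and never ship with the masked data set. The example also marks a caveat the bullets leave implicit: a keyed token still counts as personal data (pseudonymized, not anonymized) because production can reverse it, while the masked email, phone and name cannot be reversed at all.

```python
"""Mask or pseudonymize a customer record before it leaves production.

Constructed example; field names, sample rows and the key are assumptions,
not DealerLeads' actual schema or secrets.
"""
import hashlib
import hmac
import re

# Constructed sample rows; not real customer data.
SAMPLE_RECORDS = [
    {"customer_id": "C-1001", "name": "Jane Doe",
     "email": "jane.doe@example.com", "phone": "+1 555 010 1234",
     "vehicle_interest": "2021 Sedan", "lead_score": 72},
    {"customer_id": "C-1002", "name": "John Roe",
     "email": "jr@example.org", "phone": "5550105678",
     "vehicle_interest": "Used SUV", "lead_score": 41},
]

# Fields that carry no PII and can be copied through unchanged.
PASSTHROUGH = {"vehicle_interest", "lead_score"}


def mask_email(email: str) -> str:
    """Keep the first character of the local part and the full domain."""
    local, sep, domain = email.partition("@")
    if not sep or not local:
        return "***"
    return f"{local[0]}***@{domain}"


def mask_phone(phone: str) -> str:
    """Keep only the last four digits; every other digit becomes '*'."""
    digits = re.sub(r"\D", "", phone)
    if len(digits) < 4:
        return "***"
    return "*" * (len(digits) - 4) + digits[-4:]


def pseudonymize(value: str, key: bytes) -> str:
    """Deterministic keyed token so rows still join across tables.

    A keyed HMAC (not a bare SHA-256) is used so that someone holding the
    masked data set cannot rebuild the mapping by hashing guessed IDs.
    Because production holds the key, this is pseudonymization, not
    anonymization: the token is still personal data under GDPR.
    """
    digest = hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()
    return "pseudo-" + digest[:16]


def mask_record(record: dict, key: bytes) -> dict:
    """Return a non-production copy of one customer record."""
    return {
        "customer_id": pseudonymize(record["customer_id"], key),
        "name": "REDACTED",  # irreversible: no way back to the real name
        "email": mask_email(record["email"]),
        "phone": mask_phone(record["phone"]),
        **{k: record[k] for k in PASSTHROUGH if k in record},
    }


def mask_dataset(records, key: bytes):
    """Mask every record; the same key keeps customer_id consistent across tables."""
    return [mask_record(r, key) for r in records]


if __name__ == "__main__":
    # Assumption: in practice this key is fetched from a secrets store.
    demo_key = b"production-only-secret-key"
    for row in mask_dataset(SAMPLE_RECORDS, demo_key):
        print(row)
```

Run the masking as an export step on the production side, so the only thing that reaches development and test environments is the output of `mask_dataset`; if a test needs to correlate rows from several tables, pseudonymize each table with the same key and the tokens line up without any raw identifier crossing the boundary.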
Secure Data Storage
- Secure Servers: Data is stored on hardened servers protected by firewalls, intrusion detection systems, and regular security patching.
- Cloud Security: For data stored in the cloud, we use reputable providers (such as AWS, Google Cloud) with strong security practices and compliance certifications (e.g., ISO 27001, SOC 2).
Data Backup and Recovery
- Regular Backups: Regular backups of all critical data are performed to ensure data integrity and availability.
- Disaster Recovery Plan: A comprehensive disaster recovery plan is in place to restore data and operations quickly in case of a data loss incident.
Compliance and Legal Considerations
- Compliance with Regulations: We comply with the data protection regulations that apply to our customers' data, including GDPR and CCPA, ensuring lawful handling of that data.
- Data Processing Agreements (DPA): DPAs are established with third-party vendors to ensure they adhere to our data protection standards.
Employee Training and Awareness
- Security Awareness Training: Regular training sessions are conducted to educate employees about data security best practices, phishing, and other cyber threats.
- Confidentiality Agreements: Employees are required to sign confidentiality agreements to underscore the importance of data protection.
Monitoring and Auditing
- Continuous Monitoring: Systems and networks are monitored continuously for suspicious activity and potential security threats.
- Regular Audits: Regular security audits and assessments are conducted to identify and address vulnerabilities in our systems.
Incident Response Plan
- Incident Detection: Systems are in place to detect security incidents in real-time.
- Incident Response Team: A dedicated incident response team is available to manage and mitigate the effects of any data breaches or security incidents.
- Communication Protocols: Clear protocols are in place for notifying affected customers and regulatory bodies in the event of a data breach.
Secure Development Practices
- Code Reviews: Regular code reviews and security testing are conducted to identify and fix vulnerabilities in our applications.
- Secure Coding Standards: Developers follow secure coding standards to minimize the risk of introducing security flaws.
Vendor Management
- Third-Party Risk Assessment: Thorough risk assessments are conducted for third-party vendors to ensure they meet our security standards.
- Vendor Contracts: Contracts with vendors include strict data protection clauses to safeguard customer data.
Contact Us
If you have any questions about this policy, you can contact us:
- By email: support@sba.net
- By phone number: 800-400-9844