Controlling access to your ENS ... and the sensitive data stored there
Emergency notification services are designed to help you contact tens, hundreds or thousands of people at the touch of a button. The downside of that is ... you are now responsible for looking after data belonging to tens, hundreds or thousands of people. If you're lucky, that data may be restricted to work-related contact details, but more often than not, emergency notification systems are used to communicate with people using their personal mobile phones, their home landlines and their private email addresses.
Modern mass notification services are usually cloud hosted, and your provider should be able to give you all the reassurance you need about where your data is stored, and the physical and logical measures taken to protect it. For example, Alert Cascade is hosted here in the EU via Amazon Web Services and you can read our security factsheet here.
But what about the human element? Information Commissioner's Office (ICO) reports regularly show that despite the huge technological advances made over the last decade, human error (and sometimes deliberate human action) continues to be the root cause of the majority of data breaches they deal with.
• 2017: Rebecca Gray leaves her role with a recruitment agency and moves to a rival firm; before leaving, she downloads and emails the personal data of approximately 100 clients and potential clients to her personal email address and subsequently uses the information at her new job.
• 2016: Historical Society allows a staff member to work from 4 separate locations, as well as from home, and provides a laptop as part of the role. The unencrypted laptop is subsequently stolen, along with personal data relating to all individuals who had loaned or donated artifacts to the Historical Society.
• 2015: London healthcare clinic accidentally leaks HIV status of patients by emailing all subscribers to their "Option E" service (which allows HIV-positive patients to receive test results, schedule appointments and receive newsletters) and using the "To" field rather than the "BCC" field.
• 2014: Norfolk County Council sells redundant office furniture to a third party without checking the furniture is empty; when a member of the public subsequently purchases a filing cabinet from the third party, they find that it contains case files relating to the local children's social work team.
Accidents happen, but in today's world (and with GDPR just round the corner) it's important that we all take steps to minimise the chances of an accidental breach and to mitigate the effect of any such breach. So, how can your emergency notification service help you with that?
Data access and user permission levels
Being able to securely upload your contact data is important; as well as obligations under the Data Protection Act (DPA) and General Data Protection Regulation (GDPR), there are operational reasons why up-to-date contact data is vital. The main focus of an emergency notification service is to be able to use the service to notify people in an emergency ... and you can't do that without accurate contact data. You can learn more about the data maintenance options available with Alert Cascade by reading our post, Garbage in, garbage out!
Now that you have your data in place, and you're maintaining it regularly, you need to think about who should be able to access it and why. Our mass notification service allows you to set individual permission levels to meet the needs of your business in a crisis, without compromising data security. For example, Operators can see individual names and create, send or amend messages, but they can't see the contact data relating to those individuals. So they have enough access to fulfil their role, but no access to information they don't specifically require.
Admins, on the other hand, can access personal data. But that doesn't mean they automatically have access to everything. Alert Cascade gives you the option to create child accounts with their own administrators; they still have all of the administrator functionality, but their dataset is limited to the child account - perfect for regional offices or subdivisions who need to be able to invoke a local-level Business Continuity Plan, but shouldn't have access to personal data belonging to staff in other locations.
And last but not least, new users are created at the lowest access level by default. You can tell us to create a user as an admin or operator during the import process, or you can manually amend a user access profile via the responsive dashboard, but in the absence of those instructions, Alert Cascade's default setting is to create low-level users with no access to sensitive data - privacy by default.
File privacy settings
Alert Cascade includes a secure media library module, designed to allow you to keep backups of your important files outside of your own infrastructure and to store frequently used attachments ready for quick deployment as part of your email and SMS messages. But not all of those files will be suitable for general release, and some of those files may contain commercially sensitive or personally private information.
To help you manage your files effectively, in addition to the standard user permission levels, you can set privacy policies on individual files. They can be assigned to a specific child group, or made available at top level only; you can choose between Private (available to admins who have access to the group the file is assigned to), Shared (available to all users, but can only be uploaded, edited or deleted by an admin) or Public (all the functionality of Shared, with the added ability to create a link to the file that can be shared outside of your users).
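The permission levels and file privacy policies described above, written out as a small access-decision model. This is an added example, not Alert Cascade code: the class and function names, the "top" group label, and the reading that Shared and Public files are readable by every user regardless of group are assumptions.

```python
from dataclasses import dataclass

TOP = "top"  # constructed label for the top-level account

@dataclass(frozen=True)
class User:
    name: str
    group: str = TOP       # top level, or the name of a child account
    level: str = "user"    # privacy by default: lowest level unless set explicitly

@dataclass(frozen=True)
class MediaFile:
    name: str
    group: str             # child group the file is assigned to, or TOP
    privacy: str           # "private", "shared" or "public"

def admin_scope(user: User, group: str) -> bool:
    """True when the user is an admin whose dataset covers `group`.
    Assumption: a top-level admin covers every child account."""
    return user.level == "admin" and user.group in (TOP, group)

def can_see_contact_data(viewer: User, subject: User) -> bool:
    # Operators work with names only; contact details need an in-scope admin.
    return admin_scope(viewer, subject.group)

def can_read_file(user: User, f: MediaFile) -> bool:
    if f.privacy == "private":
        return admin_scope(user, f.group)
    # Unknown privacy values fall through to False (fail closed).
    return f.privacy in ("shared", "public")

def can_modify_file(user: User, f: MediaFile) -> bool:
    # Upload, edit and delete stay admin-only at every privacy level.
    return admin_scope(user, f.group)

def external_link_allowed(f: MediaFile) -> bool:
    # Only Public files can be linked outside the user base.
    return f.privacy == "public"

if __name__ == "__main__":
    # Constructed sample data.
    people = [User("ana", TOP, "admin"), User("bea", "leeds", "admin"),
              User("omar", "leeds", "operator"), User("nina", "york")]
    plan = MediaFile("york-bcp.pdf", "york", "private")
    for p in people:
        print(p.name, p.level, can_read_file(p, plan), can_see_contact_data(p, people[3]))
```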
You can choose to include a link to one of your media library files within your messages; the link will expire when your message expires, ensuring that information that is relevant to one specific event is only accessible whilst the event is still live. Customer feedback tells us that out-of-date information, or accessing previous versions of documents, can cause a huge amount of confusion during a business disruption event. Putting you in control of how and when your files can be accessed also puts you in control of the situations you're dealing with.
Audit controls and reports
Despite all of the safeguards our emergency notification service will give you, mistakes (or accidentally on purposes) may still happen. The key thing here is that if you don't know something's happened, you can't do anything about it. Because of that, we give you the ability to send automatic notifications to your admins for key risk areas within your account:
• Contact data imports, including manual uploads, SFTP files and API integration
• Contact data exports, including users list and detailed message report downloads
• Media library file uploads of any file type, notification includes privacy settings used
• Media library file amendments, notification includes details of the amendment made
• Media library file deletions, includes a warning to check saved messages that use this file
• Media library file downloads when accessed via the dashboard
If you have child groups set up, you can notify just the child group admins of media library and data actions, or you can include the global admins in your distribution list. And this isn't an all-or-nothing feature. As with everything else in our platform, we recognise that different customers have different ways of using the service and different internal policies and procedures. So, each trigger point for your audit notifications can be turned on or off via our unique app-free web dashboard. Whatever device you're using, you can set appropriate access levels for your users, you can set appropriate privacy levels for your files, and you can monitor access to the most sensitive parts of your service.