Security
On-Demand Capacity
Business Continuity

Privacy Direction

Extreme Flexibility
Demonstrably Simple
Continual Improvements


  topic image  

Privacy Observation:

NSA Prism, GCHQ and other agencies are not in a position to access any application data.   All data is housed in multiple physically secure tier-4 data centres that house the UK broadband backbone.   Private dedicated servers with fully encrypted databases store the data and prevent access by unauthorized users.   All comunication to and from the servers is via HTTPS encrypted communication links to prevent data being copied while it is being provided to authorized users.

  topic image  

Relevance:

While many corporations will be content with a reasonable level of privacy, we consider that our entire business is totally dependent on never ever having any kind of security or privacy breach.   Without any compromise, we choose to ensure that no hacker, criminal or state-sponsored cyber spy will be able to access any application data.   This may be expensive, but as our entire reputation and survival of our business is dependent of having no vulnerabilities - this is a cost we choose to pay.

  topic image  

Privacy Guidelines:

While security standards like ISO 27000 exist, no privacy standards exist, so best practice is published as a policy and guidelines.   Privacy begins with trust and verification, being open and transparent, and doing the right thing.   People and not monitored, but data and functions are monitored - people are not stolen but data could be stolen.
1. People are educated to only access private and confidential business data in the CRM application service.   Business data shall NEVER be stored on any local desktop, laptop, tablet, phone or portable (USB) media for any reason.   When business data arrives in the office, it must be scanned, uploaded and the physical copy destroyed by scredding - the same day.
2. People are protected from a criminal attack against their families in exchange for stealing a business data, by ensuring that criminals can see that people are not able to steal business data to order.   When a person is attacked, they are educated to give up thier pass phrase and any other information they may have - nobody is expected to be a hero in the face of a rethless criminal gang.   Application services are in place to protect people and to protect business data in the event that a pass phrase is stolen and misused.
3. Data is protected from both external and insider attacks, with insider attacks being classified as the most serious.   Half the security budget is used to stop criminal attacks and the other half is used to stop insider theft and/or accidential deletion.
 
  topic image  

Legal Obligation:

A UK court order could demand that we are obliged to give up our encryption keys to law enforcement agency but until that time, all data is safe, secure and private.

  topic image  

Triple Interleaved:

While some application service providers may be content with a single layer of encryption, we choose to deploy multiple layers of interleaved encryption as this has proved to be hard and very expensive to try to decrypt.   Each layer of encryption creates a partial result that cannot be read or understood as begin a valid solution - its just a string of data with no structure.   Industry professionals consider that three different layers of interleaved encryption may be beyond the capability of current computing power to decrypt.
The degree of encryption used is the highest permitted by UK and European law.   This may exceed certain USA export limitations and restrictions where certain data must be capable of being decrypted by Government agencies without a court order.

  topic image  

Portable Media:

While some companies try to block USB devices and DVD writers, these methods provide false security as they can easily be circumvented.   The certain wasy to keep business data private is to make sure that it is always encrypted and stored in many remote data centres.   Business data must never be permitted to be downloaded to a local computing device where it can be stolen, when the act of download is a clear violation of Data Protection regulations as the data is no longer encrypted.
 
  topic image  

Privacy Policy:

* All application data is fully encrypted in all databases in all data centres all the time.
* All application service communications are encrypted for every web page all the time.

  topic image  

Cameras:

People should expect that everything they say and do may be recorded and may be used against them - sorry this is just a fact of modern life.   People should expect that privacy in the workplace does not exist because it is a place of work where many different cultures come together for the benefit of the business.   Business data cannot be protected with a camera - business data is protected by encryption.
Cameras provide good physical security - cameras make people less likely to suffer a physical attack.   People are encouraged to wear cameras to be able to prove what they did and when they did it - this is not a privacy issue.

  topic image  

Privacy Direction:

Application data will be copied by many (Government) agencies when (1) data is downloaded to a local computer and when (2) data is communicated by email.
It is recommended that for future corporate privacy reasons, any business data traditionally stored on a local computer must be stored in an encrypted database and business data traditionally sent by email must be communicated with a HTTPS messaging service.   These application facilities and services are already being used in an effective way, so evolution must enable more business data to be supported in the same way.   These simple evolutionary steps will provide the foundation of a privacy policy that is fit-for-purpose.

  topic image  

Duty of Care:

Employers have a duty of care to protect staff (and their families) from being threatened by criminals to steal business data.   Staff must be able to prove to criminals using on-line public documents that they are not able to steal business data to order.   When staff are threatened by a criminal, they are educated to give up their pass phrase and any other information they may have - other systems will minimise the damage that a criminal can do.
When a person leaves, it must be assumed that a vast amount of intellectual property will go with them by way of remembered procedures, methods of working and confidential data.   It is not reasonable to wipe clean memory, so other procedures must be put in place to cope with the transfer of intellectual property - contracts preventing the person from earning a living would not be legal.
Privacy Direction 14 Dec 2017 : 20:58Copyright © 2017 LeXica Ltd54.83.122.227 request 1 in -0.9 seconds