“Everyone Who Isn’t Us is the Enemy.”
dscout + privacy: How we protect our scouts’ information.
A naked man has few secrets, a flayed man none.
Game of Thrones
Game of Thrones mastermind George R.R. Martin once revealed he still writes on a 1970s word processor. He doesn’t want to teach a spell-checker to remember Daenerys Targaryen, Westeros, and every other word he’s made up for his world.
But Martin’s habit has another benefit as well. Without internet access, after all, his work is safer than most from hackers.
Few among us have as many secrets as the denizens of Winterfell, or information as valuable as an unreleased Game of Thrones manuscript. But researchers are a bit like Lord Varys. We seek out people’s secrets and sensitive information, which we definitely need to keep safe. And just like Varys, we sometimes even need to keep the information safe from our clients.
Financial companies, for example, are bound by regulations that prevent them from collecting or sharing certain information about their customers. At dscout, we've built security, privacy, policies, contracts, and procedures that allow us to support our clients in even the most regulated industries, like banking and healthcare, and remain within government privacy regulations.
One way we protect our scouts’ secrets is by creating a buffer between scouts and clients. Scouts don’t know for whom they’re being a scout, and clients don’t have access to information not relevant to their mission. This protects clients from the peril of having information they shouldn’t have, and prevents scouts from inadvertently releasing client information. This buffer also protects scouts from having their personal information misused. It’s like both sides each have a personal dragon looking out for their best interests.
Our scouts give us a lot of personally identifiable information (known in the security world as PII or SPI, meaning sensitive personal information). We may know a scout’s first and last name, address, email address, sexual orientation, and income … but our clients don't know all of that information. They receive only the scout information they need to conduct their research. For example, a client may know the city a scout lives in, but not their street address.
But what about the clients and scouts in the Southern and Eastern Kingdoms, aka Europe? Europe has by far the most stringent Internet data privacy standards. In the EU, individuals have the right to be “forgotten” online, meaning they can ask companies, including search engines, to remove links with personal information about them. How does a company in the United States ensure that it’s abiding by European laws?
The U.S. Department of Commerce and the European Union created a protocol known as Privacy Shield. By joining Privacy Shield dscout ensures that our privacy policies match those required by European companies, and thus surpasses the policies required by the U.S. government. These policies include notice, choice, and accountability. So wherever in the world clients want to recruit scouts, we can help them, knowing we’re obeying the laws of all the seven kingdoms.
dscout’s data privacy is important for the protection of our scouts and our clients, but it’s only worthwhile if we are also doing everything we can to protect our company and clients from outside threats, too. Coming soon: How we keep the White Walkers out, AKA dscout on cybersecurity.
Subscribe To People Nerds
A weekly roundup of interviews, pro tips and original research designed for people who are interested in people