Data or cyber security is of utmost importance to AcoBloom. We have carried out the process of identifying risks and implementing security controls to mitigate them in terms of physical security, network security, human resource training and confidentiality, and work-from-home security measures. Our data security policies are based on the lines of SOC-2, issued by the American Institute of Certified Public Accountants (AICPA). We have also fine-tuned our data security and confidentiality policies as per the principles of the SOC-2 framework, i.e. privacy, security, confidentiality, processing integrity and availability.
The United States doesn’t have a single privacy law that covers the privacy of all types of data. Instead, it has a mix of sector-specific or state-level laws that address various aspects of data privacy. The regulations revolve around: the right to notice, the right to access, the right to opt in (or out), the right to equal services, permission from users to process their data, and users' rights to view, obtain, delete and correct their data.
The principles of the privacy regulations can be summarized as follows:
- The collection, use and disclosure of personal information.
- An organisation or agency’s governance and accountability.
- Integrity and correction of personal information.
- Individuals’ rights to obtain their personal information.
In India, a recent judgment of the Hon’ble Supreme Court declared the right to privacy a fundamental right and provided a much-needed push for introducing robust and comprehensive data protection legislation. Accordingly, a data privacy Bill was introduced in the Lok Sabha (lower house) on 11th December, 2019; it is currently being analyzed by a Joint Parliamentary Committee and will be passed soon. The bill is on the lines of the SOC-2 privacy principles, and its main aim is to protect the fundamental right to privacy.
AcoBloom International’s clients generally are data controllers or data processors, while AcoBloom acts as a data processor or data sub-processor.
The data controller determines the legal means and purpose of processing the personal data of the data subject, while the data processor processes the personal data on behalf of the data controller; where we are a data sub-processor, we process data on behalf of the data processor. Although data controllers are generally responsible for data privacy compliance, we as data processor or data sub-processor consider ourselves equally responsible for implementing organizational and data security policies that enable privacy by design and default, and for demonstrating that data processing at our end is secured and protected, so that data controllers or data processors, as applicable, can be fully confident about data privacy and security while sharing their or their clients’ data.
Our Data security and privacy strategy is divided into:
- Our Approach towards data Privacy and security
- Business Continuity Plan
- Our Commitment towards data privacy and data security
Data Privacy and Data Protection methodology. We have a full-fledged Information Security Management System manual to ensure that we conduct our activities in such a way that we use information for lawful purposes and that information assets are optimally protected in accordance with the principles of privacy, security, confidentiality, processing integrity and availability.