This briefing document is designed to inform clients as to the technical management details concerning data that is held and managed by Elaura itself, i.e. beyond the data we access via Birkman International's (BI) online system; and the measures Elaura has in place to protect the integrity of this data. (For details on BI's management of data, please see http://birkman.com/gdpr and related links.)
The data Elaura holds and manages includes Birkman Profile data stored on our secure servers for our hoozyu and expresso platforms, for giving individual and corporate clients access to their own detailed scores, and for analysis.
As a provider of cloud-based personal and organisational development services, Elaura Asia Pte Ltd and its subsidiaries (collectively Elaura) have always taken the issue of data security very seriously. To this end, we limit the personally identifiable data that is held online, and ensure that our servers and databases are secure and - where appropriate - encrypted.
We exclusively use the HTTPS protocol for all client-server and outbound server connections, using TLS 1.2 with modern cipher suites and forward secrecy.
In the event that we become aware of a possible or actual data breach, it is our policy to immediately inform all clients who may be affected. (For this reason we request that clients keep us updated of changes in their email contact details).
Secondly, it is a principle that this personal data always belongs primarily to the individual: we do not divulge that data to their organisation or any person therein unless the subject provides clear consent. If such access is required for the purposes of a project (which is commonly true) then participants are required to be informed beforehand by their organisation that their participation in the project will grant specifically defined consent.
Thirdly, where Elaura uses individual data for the purposes of internal research, such data is first anonymised and aggregated.
We expect our clients to take the issue of data security seriously as well, for example by:
Where passwords are lost / forgotten, they can be reset securely via the expresso or hoozyu platform. In the event that a client becomes aware of a possible data breach, we ask the client to inform us immediately on firstname.lastname@example.org so that we can take all necessary measures to re-secure the system and identify actual losses.
Elaura makes use of The Birkman Method as its profiling engine for all of its products and services. The Birkman Questionnaire and associated processing used to produce a Birkman Profile (the processed scores) is a proprietary instrument, owned and operated by Birkman International, Inc of Houston TX, in the USA. It is important to note that Birkman profiles are positive and non-judgemental: there are no bad scores. This means that (unlike, say, exam grades or aptitude test results) in the unlikely event that profile scores are inadvertently released, there should be no adverse impact to the subject.
Examples of profile scores would be: gridStressX = 23, interestArtistic = 97 or cf140_Construction_Extraction = 78.
Elaura has no access to nor copies of an individual’s responses to the Birkman Questionnaire, which are held, along with the processed scores, in Birkman’s own secure facilities in datacentres in the US. Birkman counts many of the largest corporations in the world as its clients and takes data security very seriously; however, it should be noted that in the event that a non-US client insists on ‘no offshoring of data’, expresso, hoozyu and any other Birkman-based product will currently be ruled out of contention. Birkman are reviewing their storage arrangements with regard to non-US data in 2018.
Elaura accesses and stores only the processed scores for each individual who completes the Birkman Questionnaire and does so via a secure API provided by Birkman. The scores accessible via the API (currently 285 data columns) are tagged with the following personally identifiable data:
Of these, Family Name, Given Name(s), DOB and email address are the most sensitive because of their potential use in phishing and related scams; gender and language code are potentially sensitive to a lesser extent. No data is held in these online databases regarding Job Title / Role, physical location or any other data about the subject.
Users can only access their own data online if they have a hoozyu or expresso account. Username is the user's email address (for all expresso accounts this should be the subject’s corporate email address); password is user generated and is stored only as a non-decipherable, one-way bcrypt hash by the system. All passwords are salted to prevent ‘rainbow table’ attacks and statistical analysis of leaked passwords. This prevents anyone from accessing a password for an expresso account and then trying the recovered password against other accounts (email, bank, online services) the user may have.
Password resets involve a URL-encoded GUID being sent to the registered user email address and clicked; at no point is the old password accessed or displayed. Provided the client’s own email servers are secure, there is no way for a third party to successfully reset the password and gain access to the expresso or hoozyu account without access to the individual’s email account or Elaura’s own secure administration system.
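The salted hashing and GUID-based reset described in the two paragraphs above, sketched as an added example (not Elaura's code). PBKDF2 from the Python standard library stands in for bcrypt, and the in-memory stores, the one-hour validity window, the function names and the example.invalid URL are assumptions.

```python
import hashlib, hmac, os, time, uuid
from urllib.parse import quote, unquote

USERS = {}    # email -> (salt, password hash); the plaintext is never stored
RESETS = {}   # sha256(GUID) -> (email, expiry); the raw GUID is never stored
TTL = 3600    # assumed validity window for a reset link, in seconds

def hash_password(password, salt=None):
    """Salted one-way hash; PBKDF2 (stdlib) stands in for bcrypt here."""
    salt = salt or os.urandom(16)          # fresh random salt per password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt, digest

def verify_password(email, password):
    """Re-derive the hash with the stored salt and compare in constant time."""
    salt, stored = USERS[email]
    return hmac.compare_digest(stored, hash_password(password, salt)[1])

def _key(token):
    return hashlib.sha256(token.encode()).hexdigest()

def issue_reset(email, now=None):
    """Return the link to e-mail to the registered address, or None."""
    if email not in USERS:
        return None
    token = str(uuid.uuid4())              # random GUID
    RESETS[_key(token)] = (email, (now or time.time()) + TTL)
    return "https://example.invalid/reset?token=" + quote(token)

def redeem_reset(link, new_password, now=None):
    """Set a new password if the GUID is known, unexpired and unused."""
    token = unquote(link.split("token=", 1)[-1])
    email, expiry = RESETS.pop(_key(token), (None, 0))  # pop: single use
    if email is None or (now or time.time()) > expiry:
        return False
    USERS[email] = hash_password(new_password)  # old hash replaced, never read
    return True

if __name__ == "__main__":
    # Constructed sample account and passwords.
    USERS["a@example.invalid"] = hash_password("constructed-old")
    link = issue_reset("a@example.invalid")
    print(redeem_reset(link, "constructed-new"), redeem_reset(link, "again"))
```

Because each password gets its own salt, two users with the same password have different stored hashes, and a reset link works once and only until it expires.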
Employees of Elaura who have a support or facilitation role and a legitimate reason to do so have access to individual user accounts via an impersonation function. (Impersonation from a secure administrative account prevents any exposure of passwords, and is fully traceable.)
By default, managers in client organisations or e.g. teachers in schools do not get access to other individuals' data, so it is up to individuals themselves to initiate any sharing. Where the organisation (business or educational institute) has legitimate reasons to be able to access user data via a facilitator account, this fact is explained to participants before they set up their own account and complete the Birkman Questionnaire.
The expresso platform is hosted in a secure Equinix/Telecity datacentre in London, UK using virtual private servers. Our VPS supplier is Linode. Processed scores accessed via the Birkman API are stored in two ways:
Additionally, where a user accesses legacy Birkman PDF reports via a platform, this PDF is processed and stored temporarily on an AWS S3 server.
Development and testing operates on separate servers and databases, with no customer data in those databases. Direct access to all production systems and databases is currently limited to the CEO and lead software developer.
All systems are kept up to date with security patches and best practices. In all cases, data is encrypted in transit and at rest (automated backups are also encrypted and stored in the USA).
Birkman data can be combined with other data - for example performance, appraisal or engagement data - to generate organisational and operational insights. This process is always under the control of an appropriately trained and supervised Elaura employee.
To reduce the risk of data breaches involving more sensitive individually identifiable information, this data is normally kept in password protected Excel documents on encrypted laptops and blended with Birkman data in Tableau on those laptops. The only exceptions are where clients subscribe to our Tableau Online service; access to data sources in Tableau Online is secured and filtered at the level of individual named users, and is inaccessible without an authorised, secure Tableau Online account.
Elaura is subject to, and registered as a data controller under, the Data Protection Act 1998 in the UK and is also subject to the Personal Data Protection Act 2012 in Singapore.
CEO / Principal Consultant & Data Controller
Elaura Asia Pte Ltd