Over the past 20 years, Unique has grown from a company devoted solely providing Gentle Nudge® recovery services to a company now offering a wide array of communication and engagement tools for libraries worldwide. Regardless of the service(s) used, whether it be our Gentle Nudge® Recovery, National Change of Address, Print/SMS/Phone Notifications, Inbound Call/Chat or our newest MessageBee service, Unique is proud to receive and process your patron data in a process that ensures a secure and consistent workflow. Our dedication to protecting patron Personally Identifiable Information (PII) began the day our company started. Our priority focus has always been on data security. Today, managing secure systems looks very different than it did 25 years ago. In its ever-increasing complexity, we see data security as a crucial aspect of our service and a core tenet of Unique’s thoroughness in protecting you and your patrons.
Most are familiar with either the European Union’s GDPR regulation or California’s CCPA act. Both laws help limit the amount of PII companies obtain and ensure that data is managed carefully and remains fully protected. Why are these laws so important? Think back to the Equifax data breach in 2017. That was only one of 1,579 reported data breaches in 2017. Data breaches such as these provide hackers, (or “bad actors” as we call them in IT), the leverage over each of us with the eventual goal of stealing our money or identity. We live in a world where vigilance is critical to ensure our data is secure. And ultimately it is up to all of us to keep it secure.
What does Unique do to help keep your patron data safe?
Security at Unique is heavily emphasized from day one, in both systems and employee training. Unique employees undergo up-to-date security training, on a continuing basis. We have enacted on-going training to help our employees identify anomalies and common threat vectors. We have firewalls, web/email filters and antivirus applications to help keep our systems safe.. Whether you work at Unique, at your library, or move on to somewhere else, the number one asset in keeping data safe is your constant vigilance for attempted breaches. After the initial training, depending on the role of the staff person at Unique, we require additional training, such as bank fraud mitigation for our administrative staff, and additional security training certifications for our IT staff.
Another key point in data security at Unique is ensuring that our computer applications are processing the data in a protected manner. This starts with ensuring that data is securely transferred to our SFTP server over an encrypted connection, or for the libraries using the Sierra ILS in the coming months, transferring files to a secure AWS S3 instance. Once patron data hits our secure public server, it is immediately transferred to our internal systems and removed from our temporary server. Files are then processed through the associated systems and stored only as long as necessary.
At each step of the process above, the data is stored in one of our secure data centers. Each data center is protected physically through monitoring and, at least, two factor authentication. At the end of the life of a server, we first wipe the data we then physically destroy the drive using a specialized metal shredder. This leaves no recoverable data.
Unique also uses outside vendors to help assess areas for improvement. We subscribe to a “trust, but verify” philosophy. Unique trusts that we have well versed and trained teams, but verify through third parties that we are in fact on the correct track and are maintaining the strictest levels of data security.
We can continually learn about our strengths and weaknesses around data security and apply what we learn. This is critical because of the ever-increasing sophistication in the strategies used by the “bad actors” to breach our systems. Unique has always been at the forefront of data security and will continue to protect the security of your patron data as a top, ongoing priority. We are library patrons ourselves and hope that others are protecting patron personally identifiable information as well.