Data Privacy Impact Assessment
A Data Protection Impact Assessment (DPIA) is the process recommended by the UK Information Commissioner's Office (ICO) to help minimise data protection risks. See: ICO Guidance on creating a DPIA.
This document is intended to support you in creating a Data Privacy Impact Assessment (DPIA) for using SenseOn. It should be reviewed alongside the SenseOn Privacy Policy. This document does not define all types of data collected by SenseOn, only those elements which are likely to be personal information as defined by the ICO under the General Data Protection Regulation (GDPR). This document focuses exclusively on the use of SenseOn as a platform rather than SenseOn's internal operations such as Sales & Marketing, HR or IT Operations.
Data Protection Officer
SenseOn's Data Protection Officer (DPO) is Brad Freeman ([email protected]) and is listed on the ICO's register. See: SenseOn's ICO Registration.
Requirement for a DPIA
We need to collect, process and store limited amounts of personal data in order to identify users, detect security threats and improve our product. This Impact Assessment details the personal data our software collects and why.
Lawful basis for processing
SenseOn processes personal data under the legal basis of fulfilling our contractual obligation to provide security monitoring products and services to our customers.
Users who can log in to the SenseOn platform
Collection & processing
We collect personal data to authenticate and authorise users who can access the SenseOn interface.
For each user we record the following items of personal information:
- First and last names: To correctly address the user and record activity in audit logs.
- IP addresses: To provide an audit record of where the system was accessed from.
- Email address: For password resets, two-factor authentication and escalations.
- Phone number: For escalations by our security operations team.
- Hashed & salted passwords: To authenticate users.
Storage
User account information is stored in the database of your analysis tenant. It may be backed up for disaster recovery and business continuity purposes. Names and email addresses are shared with third-party tools to provide in-product chat and website analytics relating to the use of our software.
Endpoint agent & network telemetry
Collection & Processing
Our endpoint software runs on Windows, macOS & Linux. The endpoint software and any deployed network probes collect and process the following items of personal data:
- Usernames: Recorded to track activity to a specific user. A username may not necessarily contain a name but it often does. Passwords are never recorded.
- IP addresses: Used to correlate network activity to a specific computer.
- Incidental data collection: Our software does not intend to collect other forms of personal data. However, it collects metadata such as opened filenames, domain names and metadata about unencrypted web traffic. On rare occasions this could contain personal data. For example, if a file were named bob_smith_misconduct_hearing.doc, this file name would be stored and may be sensitive. This telemetry is required for threat detection purposes, and we do not store the contents of files or perform any analysis inside encrypted sessions. The data collected is proportionate, and the minimum required to detect cyber security threats.
Storage
Full telemetry is only stored on the analysis tenant. On rare occasions this data may be used for product development as noted below. Details of security observations may be sent to a third-party ticket management system for delivery of the service package; these are also centrally stored by SenseOn to ensure security analytics are functioning correctly.
Use of telemetry for product development
Product development, maintenance and improvement is part of our service. A number of threat detection approaches require access to customer data to create models of normal, suspicious and malicious behaviour. Customers can elect to not have their data used for product development by contacting their Customer Success representative.
A subset of customers may have a portion of their telemetry copied to a temporary centralised SenseOn database. This subset of data excludes personal data where possible by selecting information which does not include personal data, for example excluding IP addresses and file names if they are not required for the threat detection approach being developed.
Client data (and artifacts containing client data) will never leave this centralised database and will not be used for any other purpose outside of product development, maintenance and improvement.
The centralised database is secured appropriately with role-based access control so only SenseOn employees who require it for their work can access it (and they will have only the minimum access required for their work). Any access to centralised client data from within the environment will be logged, along with the identity of the user responsible. No parties external to SenseOn will ever be given access to the environment. Data in this environment is only retained for a limited period.
Cloud Integrations
Collection & Processing
We support SaaS integrations to services such as Microsoft Office 365 & Google Workspace. This includes details of security alerts generated by these products and a subset of the telemetry which they collect. These alerts and telemetry include the following:
- Names: Reported sender names, which are often first and last names. Collected to compare reported names to the actual senders.
- Email addresses: As the emails are being analysed for security purposes, it’s important to identify the source and recipient of emails. This is collected to detect unusual patterns and determine the spread of potentially malicious emails.
- IP addresses: We identify suspicious access to email accounts and email origins; the originating IP address is an important component of this.
- Incidental data collection: Full contents of emails and attachments are not collected. However, we record metadata such as subject lines and attachment names which may contain incidental personal information. This telemetry is required for threat detection purposes and is proportionate.
Note: SenseOn receives data from cloud integrations, but what data is sent is outside of its control. Therefore the data provided by a cloud integration API should be reviewed to determine if it is appropriate.
Storage
Logs collected from cloud integrations are only stored on the analysis tenant. Details of security observations may be sent to a third-party ticket management system for delivery of the service package; these are also centrally stored by SenseOn to ensure security analytics are functioning correctly.
Changes to processing
The SenseOn Data Protection Officer (DPO) is engaged with all changes to data processing. Customers are notified of significant changes to our data processing.
Sub-processors
SenseOn uses the following sub-processors:
- Amazon Web Services (AWS): Cloud infrastructure provider used to host the SenseOn platform.
- Google: We use elements from Google such as analytics to monitor platform use and various components in Google Cloud Platform to run our services.
- LangFuse: Data processed by a Large Language Model (LLM) may be assessed by LangFuse for performance monitoring.
- SendGrid: Email delivery of alerts, platform invite emails etc.
- Intercom: Software component to enable in-product chat conversations. Use of Intercom is required for support services.
- Atlassian: Services used for the monitoring of the platform and tracking of SenseOn delivered security operations.
- AntiVirus signature vendor: When the anti-malware component is enabled and a threat is detected with a Beta antivirus rule, the potentially malicious file will be uploaded to our EPP Signature vendor's cloud service. The vendor name can be shared under contract.
- Amplitude: Web activity within the SenseOn platform is monitored by Amplitude for the detection of user accessibility issues, errors and collecting statistics on platform activity.
Measures to reduce risk
- We are a security company by nature and have strong processes and controls to ensure security in all parts of our operation.
- Our team includes an internal 24/7 security operations team, professional incident responders, penetration testers, security engineers and an experienced security leadership team.
- We maintain an ISMS which is externally audited on an annual basis by a UKAS accredited auditor to ISO 27001.
- We are audited annually to the UK Cyber Essentials Plus standard. See: NCSC details on Cyber Essentials.
- Data in transit from endpoints to our analysis systems is encrypted using mutual TLS 1.2+.
- Data at rest is encrypted with AES-256.
Likelihood of harm
SenseOn collects personal information which is classified by the ICO as having a low risk of harm.