Transfer Risk Assessment - Global Operations
We run a 24/7 operation and employ security analysts globally to support this. In countries where we do not have a legal entity set up for employment, we employ staff through a local Employer of Record. All employees engaged by SenseOn who are legally employed through the Employer of Record act as SenseOn employees. These employees follow SenseOn internal policies and processes and are subject to the same hiring and disciplinary procedures as any other employee. The Employer of Record exists purely to meet the requirements of employment taxation and law. These employees carry out no data processing relating to SenseOn’s customers other than that directed and controlled by SenseOn.
Legal basis for transfer
We transfer data outside of the EU using an Article 46 transfer mechanism. This allows SenseOn to send personal data to a country which does not have a GDPR Adequacy Decision and is in line with the EU's and the ICO's GDPR guidance. The transfer is supported by a Transfer Risk Assessment (TRA), which is a risk assessment of the international data transfers (see the ICO guidance on Transfer Risk Assessments).
All entities incorporate the EU Model Standard Contractual Clauses in our contract, including the UK ICO Addendum (see the ICO guidance on GDPR contractual clauses).
The assessment in this document is based upon the ICO's published Transfer Risk Assessment Tool, which is available at Transfer-risk-assessments-tools.doc.
Assessment Question 1: What are the specific circumstances of the restricted transfer?
Importer details
Question | Response |
---|---|
(1) Name of importer: Who is the personal information going to? | Remote Technology Inc |
(2) Destination country (or countries) of the personal information: | Australia, Argentina, United States of America, Japan, United Kingdom |
(3) Status of the importer: See ICO guidance on controllers and processors for more information | Processor or Sub Processor |
(4) Importer’s organisation: What kind of organisation is the importer? | The data importer’s business or organisation is: part of a multi-national group (Remote Technology Inc.); commercial; other relevant feature: an Employer of Record (EoR) operating a subsidiary to handle HR and local employment taxation in multiple countries. |
(5) Importer’s relevant activities: What will the importer be doing with the information? Think about why the importer is using the personal information that will be transferred. You may be able to re-use a description of the importer’s activities as set out in your service contract with the importer. For example: “The importer is a supplier of software solutions. It is supplying a software package to the exporter and will host the importer’s customer information on its servers in the US.” | The importer’s activities or services that are relevant to the transfer are: SenseOn uses a follow-the-sun model for its 24/7 Security Operations. This means SenseOn splits its analysts into 3 primary time zones, where its analysts operate during a normal working day for their time zone. This avoids SenseOn employing analysts on overnight shifts in a single location, which has been found to be an expensive way to have a poorly performing team with high employee turnover. Employees in international locations are legally employed through an Employer of Record (EoR). This ensures that SenseOn complies with local employment law and fulfils its international employment-related tax obligations. All employees engaged by SenseOn who are legally employed through the Employer of Record (EoR) act as SenseOn employees. They must follow all SenseOn internal policies and processes and are subject to the same hiring and disciplinary procedures as any other employee. The EoR exists purely for local tax and HR purposes. These employees carry out no data processing relating to SenseOn’s customers other than that directed and controlled directly by SenseOn. This global team performs the following duties involving personal data: handles first and second line customer support requests via email, phone and in-product chat; responds to and investigates security alerts generated by the SenseOn platform. |
Details of the people the information is about
Question | Response |
---|---|
(6) Categories of people: Who is the personal information about? Think about who the personal information being transferred is about. Click in the box next to all of the categories of people who are included in the personal information being transferred. You may make appropriate amendments or add specific details to any of the categories, or click “other” and add your own categories at the end. | The personal information transferred is about the following categories of people. Confirm if the people are either or both: adults (who are not vulnerable); children or vulnerable adults (Note: only if SenseOn is deployed into an estate where these users will be present). Tick all the categories that apply (each category includes current, past and prospective people the information is about; if any of the following is a business or organisation, it includes their staff): staff, including volunteers, agents, temporary and casual workers; customers and clients (including their staff); suppliers (including their staff); patients; students and pupils; other (please provide details of other categories of people the information is about). Note: all end users on networks monitored by SenseOn will have a limited amount of personal information collected. |
(7) Volume: How much personal information are you transferring? | For each person, the number of personal information categories (you can count these when you complete Table 2): No special categories of data are collected. The categories of personal data collected, as listed in Transfer Risk Assessment table 2, are: Name (if determinable from username), ICO initial Risk Factor: Low; Address or contact details (email), ICO initial Risk Factor: Low. For each transfer: for each end user system monitored, the personal data of one user is likely to be processed; this may be more if servers with multiple users are monitored, and will vary depending upon the size of the customer (estimated). Over the term of your contract or arrangement: all users of monitored systems will have their personal data processed; this will vary depending upon the size of the customer (estimated). |
Duration
Question | Response |
---|---|
(8) Frequency of transfers: How often will these transfers occur? Think about how often information will be transferred to, or accessed in, the destination country. Delete and complete the wording as appropriate. | How often is a transfer made: Data can be accessed by these employees when required during a security investigation or support request. |
(9) Duration of arrangement with importer: How long can the importer receive or access the information for? You may cross-refer to a separate contractual provision here, or to a mechanism to determine the duration of the relationship (if your contract may be extended, or terminated early). | Only for the duration of the contract. All equipment and systems used to access the data are controlled by SenseOn. Data is accessed by these international employees through a web interface on a SenseOn owned and controlled laptop. Data is held on a SenseOn analysis appliance located in a jurisdiction of the customer’s choosing. |
Protections for the transferred personal information
Question | Response |
---|---|
(10) Format of the personal information: What is the format of the transferred personal information? For example, is it plain text or encrypted? | Data is accessed from the following locations: from within a SenseOn analysis appliance; SenseOn's centralised ticket management system; SenseOn's customer support platform. |
(11) Transfer process: How are you sending the personal information? For example, are you transmitting it by email, website encryption or secure file transfer protocol (SFTP)? Or does the transfer involve remote access to personal information stored in the UK? | Data is transferred using TLS 1.2+ and accessed via a web browser. |
(12) Exporter’s technical and organisational measures: What other technological and organisational security measures will you put in place to protect the personal information before transfer? Is the personal information pseudonymised? | By the exporter before transfer: SenseOn collects the minimum viable information to fulfil our contractual obligations to our customers. SenseOn audits access to customer systems to ensure that access was appropriate and that there was a legitimate business need for it. SenseOn servers and end user devices are monitored to detect suspicious activity, including insider threats. |
(13) Importer’s technical and organisational measures: What other technological and organisational security measures will the importer have in place to protect the personal information once it has been received? | By the importer after receipt: Access is only performed on a device owned by SenseOn which conforms to the SenseOn security standard. |
Categories of personal information
Question | Response |
---|---|
(14) Categories of personal information: What type(s) of personal information are you transferring? | No special categories of data are collected. The categories of personal data collected, as listed in Transfer Risk Assessment table 2, are: Name (if determinable from username), ICO initial Risk Factor: Low; Address or contact details (email), ICO initial Risk Factor: Low. |
Assessment Question 2: What is the level of risk to people in the personal information you are transferring?
Risk assessment for names
Question | Response |
---|---|
Category of personal Information | Name |
Initial risk score. (low, moderate or high harm risk) | Low |
Aggravating factor. Information is confidential | No |
Aggravating factor. Person the information is about is a child or vulnerable adult | No, unless SenseOn is deployed into a location such as a school, or covering a guest network, which may have children. However, the data collected from these users could not be used to cause harm, and is constrained to names (if possible to determine from the username format) and IP addresses. |
Aggravating factor. Large volume of information about each person | No |
Aggravating factor. You can infer special category data from this information | No |
Mitigating factor. Information is in the public domain | No |
Mitigating factor. Before Transfer, information is encrypted, pseudonymised or similar, and importer does not have the key | No |
Other factors. | All those within the security analyst team who access data act as if they were legally SenseOn employees: that is, according to our processes and held to the same standards and security measures as legally employed SenseOn employees. |
Final risk score. | Low |
Risk assessment for IP address and contact details
Question | Response |
---|---|
Category of personal Information | Address or contact details (includes IP address) |
Initial risk score. (low, moderate or high harm risk) | Low |
Aggravating factor. Information is confidential | No |
Aggravating factor. Person the information is about is a child or vulnerable adult | No, unless SenseOn is deployed into a location such as a school, or covering a guest network, which may have children. However, the data collected from these users could not be used to cause harm, and is constrained to names (if possible to determine from the username format) and IP addresses. |
Aggravating factor. Large volume of information about each person | No |
Aggravating factor. You can infer special category data from this information | No |
Mitigating factor. Information is in the public domain | No |
Mitigating factor. Before Transfer, information is encrypted, pseudonymised or similar, and importer does not have the key | No |
Other factors. | All those within the security analyst team who access data act as if they were legally SenseOn employees: that is, according to our processes and held to the same standards and security measures as legally employed SenseOn employees. |
Final risk score. | Low |
Assessment Decision Point A
Based upon the assessment, all categories of personal information we are transferring are a low harm risk. Based upon the ICO guidance, we may proceed with the restricted transfer. This is because, no matter what the responses to the subsequent questions might be, the nature of the personal information and the circumstances of the transfer mean that the risk of harm to people is low. This is recorded as the final decision on the TRA.
Assessment Conclusion
Proceed with the restricted transfer.
Based upon the assessment, only low harm risk data is being transferred and none of the assessed factors increases the risk score. Therefore the data transfer may proceed with no further investigation.