Abstract

Data Privacy Risk refers to the potential for user personally identifiable information (PII) to be shared non-compliantly with external parties, as well as the processes involved in allowing users to request the deletion of their data. Given that blockchain transactions are immutable and cannot be altered post-execution, it is crucial to ensure that PII does not appear onchain in any form. Data Privacy Risk exists both on and off the blockchain, with securing access to any repositories of this data being paramount. Mitigating these risks involves protecting against unauthorized access, theft, and accidental loss through robust security measures. Endaoment is committed to safeguarding user data through stringent data management practices, including multi-factor authentication, regular compliance checks, and adherence to applicable privacy regulations.

Policy Statement

Endaoment is dedicated to protecting user data and upholding individuals’ rights to data privacy, including the right to request data deletion. We implement secure data management practices and comply with all relevant privacy regulations to mitigate data privacy risks and protect our users’ information. Compliance with this policy is mandatory for all employees, contractors, board members, and representatives acting on behalf of Endaoment.

Risk Management Strategy

Risk Assessment

  1. PII Inventory and Classification
    • Maintain a comprehensive inventory of all PII collected, categorizing it based on sensitivity and usage.
  2. Threat Analysis
    • Identify and evaluate potential threats to PII security, including cyber threats, insider threats, and physical security risks.

Risk Mitigation

  1. Access Control Measures
    • Implement strict access controls to ensure that only authorized personnel can access sensitive PII. This includes the use of multi-factor authentication and role-based access controls.
  2. Encryption and Secure Storage
    • Utilize advanced encryption techniques for both digital and physical PII. Ensure that PII is stored securely to minimize the risk of unauthorized access.

Monitoring and Reporting

  1. Continuous Monitoring
    • Employ continuous monitoring systems to detect and respond to unauthorized access attempts or suspicious activities related to PII.
  2. Incident Reporting Mechanism
    • Provide a secure and anonymous system for reporting suspected breaches or unauthorized disclosures of PII.

Operational Controls

Policies and Procedures

  • Documentation
    • All data privacy policies and procedures are thoroughly documented, with both internal and external-facing components where relevant.
  • Annual Review
    • Conduct an annual review of policies, updating them as necessary to reflect current best practices and regulatory changes.

Data Deletion and Management

  • Data Deletion Requests
    • Field data deletion requests promptly and delete data when requested, provided there is no legal obligation to retain it.
  • PII Collection Notice
    • Display or link to our data privacy policy whenever collecting PII from donors or organizations. The notice must include:
      1. Explanation of what data is collected.
      2. Reasons for data collection.
      3. How the data will be used and protected.
      4. With whom the data will be shared.
      5. Information must be provided before the collection of PII.
      6. Updates to the policy as business practices evolve.
      7. The notice requirement extends to both applications and employee interactions as applicable.
  • Consent Requirements
    • Obtain consent in the following circumstances:
      1. Collecting, using, or processing PII, including sensitive personal information.
      2. Sharing PII with any third party.
      3. Transferring PII outside of the individual’s country of residence.
      4. Using PII to market Endaoment goods or services.
      5. Using or placing web cookies on an individual’s device.
  • Consent Withdrawal
    • Allow individuals to withdraw consent or object to data processing, requiring Endaoment to stop processing, using, or sharing the individual’s PII within 45 days.

Communication Controls

  • CAN-SPAM Compliance
    • Ensure all marketing emails include the following footer elements:
      1. Name of the business.
      2. Physical registered address of the business.
      3. Unsubscribe link.
      4. The text “This is an ad” if the email is marketing-related.

Security Measures

  • Multi-factor Authentication
    • Protect database access with multi-factor authentication utilizing passwords, passkeys, and authenticator applications.
  • Access Controls and Timeout Mechanisms
    • Implement time-limited access to databases, automatically logging out users after a specified period to require re-establishment of access.

Incident Management

  • Reporting Procedures
    1. Report incidents to compliance via ethics@endaoment.org.
    2. Investigate incidents to determine:
      • PII involved.
      • Root cause.
      • Scope.
      • Involvement of third-party vendors.
      • Whether the incident has been contained.
      • Individuals impacted, where possible.
    3. Determine whether a data breach has occurred.
    4. Maintain documentation related to the incident, including:
      • Root cause and containment efforts.
      • Description of personal data elements involved.
      • Analysis for individual or regulatory notification requirements.
      • Relevant notification correspondence, if required.
    5. Implement corrective measures to prevent future incidents.
  • PII Incident Definition
    • A PII Incident occurs when PII has been or potentially has been exposed to or obtained by unauthorized individuals, constituting a potential data breach.

Privacy Policies and Procedures

  • Documentation
    • All privacy policies and procedures are thoroughly documented, with both internal and external-facing components where relevant.