Setting the Gold Standard in Privacy
We understand that you entrust us with one of your most valuable assets – data. At Soroco, we strive to earn and keep your trust. Over the years, we have developed four interlocking data privacy and security principles that serve as the core fundamentals of our Task Mining platform, Scout.
A Sound Foundation Is the Only Way Ahead
The Scout principles of privacy have been developed by working with employees, workers’ councils, managers, regulators, and business leaders across Europe, North America, and Asia for the past five years. Our goal is to build a sound and ethical foundation for Task Mining that gives our customers the confidence to discover their work graph at scale. These 4 principles are essential to balance the expectations of multiple stakeholders along their discovery journey:
Principle 1: Opt-in
You Control the Data You Share
The Scout approach to privacy and data protection is grounded in a commitment to the principle of the voluntary and visible contribution of data to our algorithms. Everything we do is “opt-in” for the end-user. We do not do silent, invisible, or “opt-out” configurations of Scout. This is because, when you install Scout, we want to ensure that there is nothing that gets captured without your knowledge and consent. Scout is transparent in enabling every user to see the apps and URLs being accessed and allowing end-users to pause data collection at will.
By default, Scout collects nothing. You have to actively specify the data collection touch-points such as applications and specific URLs (allow list) a user interacts with
You can stop/pause Scout on your machine at any time
You can access insights into your own data at any time and for any reason
If you discontinue the service, Soroco follows strict standards for decommissioning the server
Principle 2: Teams
It’s All About Teams and Not About Individuals
A key principle of Scout is that the insights from Scout are not about singling out or identifying any specific contributing user. We aim to build a shared “map” of people’s experiences at work while keeping each contributor anonymous – similar to how Google Maps or Waze operates. To build this community, it is essential to protect each contributing user’s dignity and privacy. Scout has worked extensively with employees and workers’ councils worldwide to develop this principle that the insights available on the Scout portal focus on teams and not specific individuals.
User IDs are anonymized in memory at the point of collection at the end-users desktop
There is no way to know an individual’s name, login ID or email address through the Scout insights
Data collected by Scout is immediately encrypted and is sent to the Scout Portal in batches inside an encrypted communications channel
When received by the Scout Portal, data is unencrypted, processed and stored with server encryption keys
Principle 3: PII
Most Advanced Built-in Privacy Filters
Scout gives utmost importance to protecting the rights of an enterprise. This is one of the reasons Fortune 500 customers belonging to sensitive sectors such as Investment Banking, Retail Banking, Commercial Banking, Insurance, etc., have trusted Scout and deployed the same on their crucial business processes. Scout focuses on the careful handling of sensitive data to help customers meet their internal and regulatory requirements. It’s a state-of-the-art solution focusing on reducing and eliminating risks related to PII.
Standard sensitive information collected is immediately scrubbed at the OS level, at the point of data collection itself – and never gets inside the Scout server
Scout does not use computer vision / OCR as a primary data collection method. No additional privacy gateway is needed to be installed to deliver PII filters
Custom regular expressions can be created to further expand the scrubbing criteria at the source
Customers can designate specific applications as “low-fidelity,” meaning that Scout does not show detailed field and element level detail from these applications
Scout supports an expanding set of additional granular PII filters through its SODA API interface
Principle 4: Hosting Flexibility
Additional Layer of Control on Data at Rest
At Scout, we understand that the physical location of data at rest is a complex and sensitive topic. We have carefully developed our machine-learning stack to give you control over where you want to host Scout – either on your AWS/Azure cloud instance or on ours. Data is always stored on a secured cloud and in a legal jurisdiction of the clients’ choosing. This means that our customers have complete control over the Scout data at rest and can trust in their own security and firewall practices. If you would like us to host, Soroco deploys combinations of preventive, defensive, and reactive controls to help protect against unauthorized activities and access; while also taking away the cost and headache of managing the infrastructure.
Scout cloud install is GDPR compliant
Soroco can host Scout at no extra cost to you
Scout can be hosted in the legal jurisdiction of your choosing
Scout data can be collected, processed, and stored entirely behind your firewall. You don’t need to move your data outside your firewall if you don’t want to