Transfer and storage of data within Lux Insights takes place only on our cloud server which is accessible only via OpenVPN to provisioned users.
All of Lux’s workstations and file server access require staff to login using a provisioned user account that is secured with strong passwords (including upper and lower case letters, a number and a symbol). Passwords require changing every three months.
User access to our cloud server is managed by our IT administrators (President and IT consultant, Simply Computing) that grants workstation and server access at various levels for read only or read/write privileges.
Similarly, Lux’s email system is administered with the same principles for identity management. The email system is hosted securely via Office365.
Employees and service providers are restricted from taking personal information off-site on USBs and laptops. If the transfer of personal data is required directly to or from clients or to a trusted research partner, Lux’s policy is to transfer the data using secured OneDrive file shares that are password protected, access controlled and expire after 10 days. Lux can also use secured file share applications/sites specified by our clients.
Lux has strict security protocols governing the transfer and storage of data to our sub-contractors. Lux’s policy is not to disclose any personal information to any sub-contractors unless it is absolutely necessary for the sub-contractor to complete their work (such as contacting opted-in participants to recruit for qualitative interviews). For example, we strip personal information out of data files sent for coding. The sub-contractors to whom we do disclose personal information (e.g., for recruitment purposes) comply with FIPPA regulations.
Transfer of data between Lux Insights and sub-contractors happens in the following ways:
- Preference for secured OneDrive file shares with password protection, user access control and links that expire.
- Encrypted and password protected files via email. Lux’s email system is hosted Microsoft Office 365 on their Canadian Servers. Any files sent are encrypted and password protected. Passwords used are all strong passwords requiring at least 8 characters, numbers and letters, upper and lower case and a symbol. Passwords as always sent separately from original data files. Lux’s email system and its data security are outlined above.