A situation where a team member leaves for another job and takes the client database with them is nothing new for many businesses. They may sell it to a future employer or use it for personal purposes.
Information security measures in Altegio
- Create a separate account for each user. Altegio has activity logging that lets you track each user’s actions.
- Restrict access to clients’ phone numbers in the client database. Disable exporting the company’s client database to Excel. To do this, uncheck the relevant boxes in the user’s access-rights settings. You can do this in Settings > Team > team member name > Access, in the All Clients section. Detailed instructions are provided in the article. After these settings, the user will see XX symbols instead of the digits of the phone number.
- Restrict the user’s ability to delete or edit client appointments in the appointment calendar. Detailed instructions are provided in the article.
- Verify that the applied access-rights settings are correct via the admin panel or using a test account. It is not recommended to use a team member’s login credentials to access the system, because account access should be personalized.
- In Reports > Activity Logs, you can see who requested which data and when. You can also download an export file there if you have rights to this section (the list of sections available for export is provided in the article).
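One way to review such an export offline, as an added example that is not Altegio's own code: it flags every client-database export and any user who opened an unusually large number of distinct client records within one hour. The column names, the action labels (`view_client`, `export_clients`) and the sample rows are constructed assumptions; map them to the columns in the file you actually download.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample rows; column names and action labels are assumptions,
# not the format of the real export file.
SAMPLE_EXPORT = """\
timestamp,user,action,client_id
2024-03-01 09:05:00,anna,view_client,101
2024-03-01 09:40:00,anna,view_client,102
2024-03-01 11:15:00,anna,view_client,101
2024-03-01 22:40:00,boris,view_client,201
2024-03-01 22:41:00,boris,view_client,202
2024-03-01 22:42:00,boris,view_client,203
2024-03-01 22:43:00,boris,view_client,204
2024-03-01 22:44:00,boris,view_client,205
2024-03-01 22:55:00,boris,export_clients,
"""

def review_activity(csv_text, max_clients=3, window=timedelta(hours=1)):
    """Return (export events, {flagged user: peak distinct clients in one window})."""
    exports = []
    views = defaultdict(list)  # user -> [(time, client_id), ...]
    for row in csv.DictReader(io.StringIO(csv_text)):
        ts = datetime.strptime(row["timestamp"], "%Y-%m-%d %H:%M:%S")
        if row["action"] == "export_clients":
            exports.append((row["user"], ts))  # every export is worth a look
        elif row["action"] == "view_client":
            views[row["user"]].append((ts, row["client_id"]))
    bulk = {}
    for user, events in views.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the left edge so the window never spans more than `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            distinct = len({cid for _, cid in events[start:end + 1]})
            if distinct > max_clients:
                bulk[user] = max(bulk.get(user, 0), distinct)
    return exports, bulk

if __name__ == "__main__":
    exports, bulk = review_activity(SAMPLE_EXPORT)
    for user, ts in exports:
        print(f"export of client database by {user} at {ts}")
    for user, count in bulk.items():
        print(f"{user} opened {count} distinct client records within one hour")
```

Set `max_clients` and `window` from what a normal shift looks like for your team, so that routine front-desk work does not trip the threshold.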
In addition to Altegio settings, the law also helps protect your client database.
Important
Please note that a client database typically contains clients’ personal data. Its processing is regulated by personal data protection laws in the country where the user operates. The service user acts as the operator (controller) of such data and must ensure lawful processing, including taking organizational and technical protection measures.
Legal aspects of data protection
A client database can be classified as confidential information that constitutes a company’s trade secret, and using it for personal purposes without the consent of the information owner is punishable by law.
For this information to be considered confidential, certain conditions must be met.
Signs of a trade secret
- The information must have commercial value and must not be publicly known.
- There is no lawful access to it for third parties. Access may still be granted voluntarily (licensing, franchising, etc.).
- Measures to protect the confidentiality of the information.
To give information trade-secret status, the owner must complete the required procedures:
- Develop a trade secret protection policy listing what information is considered a trade secret.
- Approve the policy by an official order and put it into effect.
- Approve the list of persons who may use this information (for example, administrators — and service providers if necessary).
- Approve the procedure for using this information.
- Specify in the employment contract or an addendum the requirement to comply with the trade secret policy and bear responsibility for violations.
- Have team members acknowledge all documents with their signature.
The nature and scope of information that constitutes a trade secret are determined by the information owner, who is also responsible for protecting its confidentiality.
What to do if you suspect the client database has already been stolen
- Contact Altegio Support with a request to provide information about users’ actions in the system. Technical data is provided in accordance with the privacy policy and terms of use. This way, you can find out which team member stole the database.
- Contact the team member and ask them to return or delete the client database.
- If the team member denies guilt, state that you have evidence of theft and intend to go to court.
- Go to court and provide the web server logs.