Protecting Personal Data with ActivID AS
ActivID AS manages users’ sensitive information (Secret Information and potentially Personally Identifiable Information (PII)). For example, when you identify your users by their email address, or use their mobile phone number to send them SMS OTPs, PII is stored in the ActivID AS database.
If your organization acts as a Data Controller and some of your users are European Union (EU) or United Kingdom (UK) residents, the ActivID AS data protection capabilities will help you comply with the corresponding EU and UK General Data Protection Regulation (GDPR) principles.
Depending on the customer deployment, ActivID AS can manage two different types of Sensitive Information: Secret Information and Personally Identifiable Information (PII).
Examples of Secret Information | Examples of Personally Identifiable Information (PII) |
---|---|
Personal Identification Numbers (PIN) | Identification data specific to a person (name, address, identifying number or code, telephone number, Email address, any locally unique number tied to an individual (for example, an account name), etc.). |
Answers to security questions | Biometric data (fingerprints, digital color photograph, etc.) |
Credentials to connect to third-party systems | Personal status data (military status, grade, rank, etc.) |
Secret cryptographic keys | Credential identification (Credential issuance location, credential serial number (all past and current device ID numbers will be held), Digital certificate(s) serial number, Public Key Infrastructure (PKI) certificates or a public key itself, etc.) |
 | Organization Identification (government agency code, department code, etc.) |
 | Infrastructure identification that can be used to identify uniquely a corresponding individual (Terminal S/N, personal device S/N, device IP address, etc.). |
ActivID AS relies on its authentication and access control capabilities to prevent unauthorized third-party access to Sensitive Information.
ActivID AS also reinforces the protection and control of stored and exported data in compliance with security best practices and official regulations (such as the European Union’s General Data Protection Regulation (GDPR)).