April 29, 2016
Copyright © 2004-2016
BCC Software, LLC
All rights reserved.
DATA MARKETING SERVICES SECURITY AND PRIVACY STATEMENT
As an NCOALink® Full Service Provider, BCC Software must comply with all USPS® terms and conditions for security and privacy as stated in the USPS NCOALink Security Documentation. Lists and list owner information received by BCC Software will be treated as the confidential property of sender. The lists will not be sold, duplicated, disseminated, transported or used for any other purpose other than is necessary for the performance of the processing service(s) requested by sender. The list owner information will be used only to meet the requirements stated in the NCOALink Full and Limited Services Provider License Agreement and Performance Requirements https://ribbs.usps.gov/ncoalink/documents/tech_guides/FSP_INFO/FSP_LICENSE.PDF and not for marketing purposes.
Data Marketing Services are services provided by BCC Software, a leading provider of Move Update and list processing services for professional mailers. BCC Software is committed to protecting the security and privacy of information provided by, or regarding, clients.
To fulfill a Data Marketing Services order, certain information must be gathered for processing, including:
The above information is retained by BCC Software for up to three months, for quality assurance purposes and/or in accordance with USPS licensing requirements. After three months, all address list data pertaining to an order is discarded/deleted (except when otherwise required by USPS) using a secure wipe and delete methodology. Order details are maintained in a separate CRM program.
One of the key features of Data Services wizard is the protection of your data. When a list is sent for processing using BCC Mail Manager/LE/Full Service software, the list and all details about the order are stored in a Job File. There are two types: Job files (.n01) that are created and sent to BCC Software for processing and Return Job files (.u01) are files returned to the customer after processing. Both types are encrypted using Triple DES (http://en.wikipedia.org/wiki/Triple_DES) using keying option 2, with an effective key length of 112 bits. For added security, the software forces the user to password protect the job. Access to job files is limited by use of a password created by the client. The password may be up to 64 characters in length (no minimum number of characters is required), and must be entered before any Job File information may be viewed. Certain information (e.g., shipping and billing information) are accessible only to authorized BCC Software employees.
Data Marketing Services jobs specifying NCOALink FSP, NCOALink LSP, DPV®/LACSLink®/SuiteLink®, or DSF2® processing are performed entirely in-house by BCC Software. For Suppression and ARS processing, BCC Software uses a third party provider (Infogroup for Suppression services) and Experian (for ARS services) to process these jobs. For the latter processes, BCC Software must share the mailing list supplied for processing with the designated licensee that performs the service.
To ensure security and privacy, all data transferred between BCC Software and a third party is also encrypted using PGP. Only information necessary for the completion of the job is shared with the licensee, and no customer-identifiable information is ever shared by BCC Software with any third party. Some third party providers also support Secure File Transfer Protocol (SFTP).
Network Security: BCC Software has a packet inspection firewall, full anti-virus scanning with internet facing servers on a protected service network. Additional security measures and controls include (1) access to certain data is restricted to only specific user accounts that require complex passwords which are routinely changed and (2) user accounts have specific permissions granted based upon need.
Physical security controls employed at our building include: