April 24, 2014
Copyright © 2004-2014
Bell and Howell, LLC
All rights reserved.
DATA MARKETING SERVICES SECURITY AND PRIVACY STATEMENT
As an NCOALink® Full Service Provider, Bell and Howell must comply with all USPS® terms and conditions for security and privacy as stated in the USPS NCOALink Security Documentation. Lists and list owner information received by Bell and Howell will be treated as the confidential property of sender. The lists will not be sold, duplicated, disseminated, transported or used for any other purpose other than is necessary for the performance of the processing service(s) requested by sender. The list owner information will be used only to meet the requirements stated in the NCOALink Full and Limited Services Provider License Agreement and Performance Requirements https://ribbs.usps.gov/ncoalink/documents/tech_guides/FSP_INFO/FSP_LICENSE.PDF and not for marketing purposes.
Data Marketing Services are services provided by Bell and Howell, a leading provider of Move Update and list processing services for professional mailers. Bell and Howell is committed to protecting the security and privacy of information provided by, or regarding, clients.
To fulfill a Data Marketing Services order, certain information must be gathered for processing, including:
The above information is retained by Bell and Howell for up to three months, for quality assurance purposes and/or in accordance with USPS licensing requirements. After three months, all address list data pertaining to an order is discarded/deleted (except when otherwise required by USPS) using a secure wipe and delete methodology. Order details are maintained in a separate CRM program.
One of the key features of Data Services wizard is the protection of your data. When a list is sent for processing using BCC Mail Manager/LE/Full Service software, the list and all details about the order are stored in a Job File. There are two types: Job files (.n01) that are created and sent to Bell and Howell for processing and Return Job files (.u01) are files returned to the customer after processing. Both types are encrypted using Triple DES (http://en.wikipedia.org/wiki/Triple_DES) using keying option 2, with an effective key length of 112 bits. For added security, the software forces the user to password protect the job. Access to job files is limited by use of a password created by the client. The password may be up to 64 characters in length (no minimum number of characters is required), and must be entered before any Job File information may be viewed. Certain information (e.g., shipping and billing information) are accessible only to authorized Bell and Howell employees.
Data Marketing Services jobs specifying NCOALink FSP, NCOALink LSP, DPV®/LACSLink®/SuiteLink®, or DSF2® processing are performed entirely in-house by Bell and Howell. For Suppression and ARS processing, Bell and Howell uses a third party provider (Infogroup for Suppression services) and Experian (for ARS services) to process these jobs. For the latter processes, Bell and Howell must share the mailing list supplied for processing with the designated licensee that performs the service.
To ensure security and privacy, all data transferred between Bell and Howell and a third party is also encrypted using PGP. Only information necessary for the completion of the job is shared with the licensee, and no customer-identifiable information is ever shared by Bell and Howell with any third party. Some third party providers also support Secure File Transfer Protocol (SFTP).
Network Security: Bell and Howell has a packet inspection firewall, full anti-virus scanning with internet facing servers on a protected service network. Additional security measures and controls include (1) access to certain data is restricted to only specific user accounts that require complex passwords which are routinely changed and (2) user accounts have specific permissions granted based upon need.
Physical security controls employed at our building include: