At UNEP-WCMC, we are committed to being transparent about the use of the User’s personal data – please see the Privacy clause in the ENCORE Terms and Conditions for more information on how we handle personal data on ENCORE.
In addition to securely handling personal data we are committed to ensuring that non-personal User-input data that could be considered sensitive remains secure and confidential. This relates specifically to data uploaded by Users, either via CSV upload or via the online forms, when using the natural capital module and the biodiversity module for agriculture and mining. None of the data the User inputs when generating these Dashboards will be saved, unless the User explicitly chooses to save a Portfolio in the Site. This information can be deleted at any time by managing your Portfolios in the Site.
In addition to the above, we have taken the following precautions to ensure that data remains secure and confidential:
Sensitive data in activity logs
- The activity logs in ENCORE will have sensitive data removed, so selections by a User cannot be seen in any logs for the production (live) site. IP addresses and pages accessed can be seen in internal activity logs, however, these cannot be linked to data input by a User. The logs are accessed via Secure Shell (SSH) public key authentication, so only authorised personnel can access them. This is more secure than standard password protection and only members of UNEP-WCMC’s Informatics team have this access.
- This means if a User does not choose to save a portfolio, then their selections will not be saved anywhere and cannot be seen in the activity logs.
Saved portfolios
- If a User chooses to save a portfolio, their input data will be saved in UNEP-WCMC’s database and associated to the User. As with the logs above, the database is accessed via SSH public key authentication, so only authorised personnel can access the database. SSL encryption has been implemented between the User’s device and the web server, and also between the web server and the database. This means that User data is always transferred securely over an encrypted connection.
Data back-ups
- Backups of the database are stored in an Amazon S3 bucket, which is a cloud storage resource. The bucket is private and requires an Amazon Web Services login. Only UNEP-WCMC’s Informatics team have these login details, which are stored securely in a password management application (LastPass) so that the password need not be shared via any other channels.
If a User does not save their portfolio, then their input data will not be stored in either the main database, or any backups.