Individuals often marvel at the amount of data that we have available with the DNA API. The follow-up question (often with skepticism) is what personal information DNA requires in order to provide it. We can now say: “None”, “zero”, “zilch”, “zip”, “nada”.
With the DNA API, participant data can remain completely anonymous – we don’t need client’s names, emails, date of birth, address, assets, anything. All we need is their responses to the psychometric questions.
Improvements to the DNA API:
Over the past year, we have seen trends of security breaches, data leakages, and data misuse. If your firm is as concerned as we are over this then you should be hesitant to provide any of your data to third-parties. Now, if you don’t have a business reason for us to know the identity of your clients, then simply don’t send it to us.
With the DNA API, client’s results are stored in our database using a GUID – ‘Globally Unique Identifier’. It is a 128-bit integer number used to identify people, places or things. In our case, each participant is assigned a GUID by our API partner. We store this value in our system alongside the behavioral data we have available and use this ID as the “name” of the client going forward.
In addition to modifying how we identify participants; we have also added 100’s of new behavioral insights and area adding 100’s more. We now can measure virtually every human habit an individual has for investing, life, working, or decision-making. If you are interested in learning more about our API, access the guide below.
Clients data is anonymous and lasts forever:
On client demo calls, we are often asked: “if the data remains anonymous on your system, how do you manage clients as they retake the process each year.” The beauty of the Natural Behavior product, the backbone of our API, is that clients do not need to retake the process, ever.
The results last a lifetime with our Natural Behavior assessment, unlike many other behavioral products out there. Natural Behavior is built using a forced-choice model which removes situational bias- this allows us to measure a client’s instinctive behaviors that don’t change after age two. This means that clients don’t have to re-take our assessment and their investing, work, and decision-making habits we provide insights on last a lifetime.
Other security measures we take to bolster security:
In addition, to allowing individuals to remain anonymous in our system, we have also taken many measures over the years to increase overall system security and align our processes with industry best practices. Below are some of the measures taken to ensure the security of the DNA Systems.
Active Security Monitoring:
DNA Behaviors application environment is enabled with a security service to actively monitor all of its resources. This system collects and processes security-related data, including configuration information, metadata, event logs, crash dump files and more. These processes help identify securities incidences in real-time.
This security service helps prevent, detect, and respond to threats with increased visibility into and control over the security of the DNA Systems. It provides integrated security monitoring and policy management across the network, helps detect threats that might otherwise go unnoticed, and works with a broad ecosystem of security solutions.
Security Pen tests:
Throughout the year, DNA Behavior works with an experienced third-party security consulting firm to perform both manual and automated vulnerability scans and penetration tests on our systems. The third-party security experts perform this penetration process using many methods such as those prescribed in OWASP methodology to identify potential vulnerabilities. All the vulnerabilities are then reviewed and fixed by our technology team and a final report is available. This penetration report is available to our client base. To request your copy, contact us.
Undergoing Security Reviews by enterprises:
DNA Behavior caters to all clients, large and small. When we work with large enterprise clients, the team routinely participates in security reviews with their technology team. This provides an objective additional eye on our processes and is readily welcomed by myself and my team.
Reviewing Trends in Security Breaches:
As part of my role, it is my responsibility to regularly review current trends and styles of breaches that are happening to firms around the globe. We regularly review the methods and mode of these breaches and make proactive steps to ensure that we are taking appropriate precautions to prevent a breach of that type.