Data Privacy & Security Policy
Corcoran Consulting Group, LLC (CCG) puts forth good faith efforts to maintain the privacy and security of its own and client or potential client data and contracts only with reputable organizations for data management, storage, backup, and transmission.
CCG regularly executes non-disclosure agreements with clients and potential clients, using industry-standard terms and conditions. All contractors/agents of CCG fall under this non-disclosure agreement and have executed a corresponding non-disclosure agreement with CCG.
CCG makes client and potential client data accessible to contractors/agents solely on a need-to-know basis. Access is removed upon completion of a project assignment.
CCG employs strong, unique, encrypted passwords for various online accounts to isolate and minimize the potential footprint and impact of a data breach and stores these passwords in an encrypted vault in LastPass (see LastPass privacy and security policies here).
CCG generally employs both biometric authentication and two-factor authentication wherever possible to limit access to unauthorized or unknown users or devices.
CCG regularly uses one or more tools to capture notes electronically and/or to record and transcribe online or in-person meetings. The tablet device is secured with an encrypted password and a forced factory reset after repeated failed access attempts. Meeting notes, transcriptions, or recordings are accessible solely to CCG principals. Tools used in this manner are generally configured to comply with applicable disclosure guidelines. However, by agreeing to an engagement with CCG, clients explicitly agree to the use of these tools, even if such usage falls short of compliance with applicable authorities governing disclosure.
CCG may provide an edited copy of a recording, e.g., a webinar or workshop, to clients pursuant to the scope of work. Upon request, CCG may share recordings or transcriptions of other meetings. Under no circumstances will CCG share notes, recordings, or transcriptions of interviews or meetings conducted in the course of an engagement, particularly when strict confidentiality is promised in return for candor.
CCG client or potential client data is stored in one or more cloud-based platforms and replicated locally as needed (see Dropbox.com privacy and security policies here, see ReMarkable privacy and security policies here, see Fireflies.ai privacy and security policies here).
CCG data is automatically and regularly backed up to a cloud-based platform in an encrypted format (see iDrive.com privacy and security policies here).
CCG email is accessed, stored, and backed up on a cloud-based Exchange platform and accessible on authorized and protected devices (see Cloudscale365 privacy and security policies here) and/or accessed, stored, and backed up on a cloud-based Google Workspace platform and accessible on authorized and protected devices (see Google Workspace privacy and security policies here).
CCG relies solely on Apple computer and telephone devices with iCloud security enabled, including remote lock and remote wipe capabilities (see more about Apple Secure Enclave here and see Apple iCloud privacy and security policies here).
CCG has minimal reliance on physical/hard copy files during a client engagement. At the conclusion of a project, CCG retains no physical/hard copy files related to any client engagement, except for invoices, expense receipts, and other documents related to state and federal tax filings, none of which contain client confidential information.
CCG destroys physical/hard copy documents by employing a standard level-three cross-cut paper shredder.
CCG destroys online data from Dropbox, Cloudscale365, iCloud, Google Workspace, or other relevant platforms as appropriate by deleting the relevant files from both the cloud platform and local devices. For SSD devices, files deleted from the hard drive space are automatically overwritten and unrecoverable. For all other devices, files are overwritten, and the hard drive space is redeployed using Apple’s Erase Free Space protocol. Deleted files and folders are automatically removed from cloud-based backup servers in due course per the relevant policy for each provider.
CCG devices are wiped clean using Apple’s various protocols (here and here) and restored to factory settings before disposal or redeployment, to ensure no data is retained.
CCG’s primary office is a dedicated space with restricted access protected by a keypad door lock and 24/7 video monitoring using end-to-end encryption (see Ring E2EE policy here).
CCG’s office provides internet access using dedicated physical and wireless access not shared with any other party. CCG employs standard firewall and VPN services (see Firewalla and ExpressVPN privacy and security policies here, here, and here).
CCG may, from time to time, access client data via cloud services provided by a client, such as through a secure portal or document management system. CCG’s data protection policies apply only after data is transferred to CCG and do not extend to any client-provided services.
CCG will provide prompt notice to any impacted client in the event of a data breach incident, whether to CCG systems or to a service provider’s systems. Such notice will provide details on the nature of the incident and related remediation efforts executed or underway. CCG will make good faith efforts to ensure such notice and incident remediation comply with applicable laws and regulations. By agreeing to an engagement with CCG, clients explicitly agree to this standard.
CCG deliverables and/or IP, including physical or electronic copies of written reports, presentations, recordings, transcripts, or proposals are not “work for hire” and remain the proprietary, confidential, and copyrighted property of CCG. CCG grants each client a perpetual license to use the deliverables internally, on an as-needed basis, in any manner that . CCG deliverables or IP may not be shared with external parties.
CCG may, from time to time, unless otherwise restricted, incorporate or refer to general findings or observations from client engagements in presentations or speeches. In such cases, all data or graphics are stripped of identifying characteristics so no content is traceable to the source. CCG will secure specific permission in advance for any findings or observations attributed to a specific client.
CCG may, from time to time, unless otherwise restricted, include client organization names in a general client roster, without reference to the nature or scope of work. Inclusion in such a list does not imply endorsement or recommendation of CCG services.
CCG clients, by agreeing to an engagement with CCG, agree that a refusal to pay an outstanding CCG invoice automatically waives CCG’s data privacy and security policies and any other related confidentiality obligations.
Please address any questions or concerns on this policy by phone or email here or by postal mail here.
Last updated November 2024