Personalised Video combines the power of personalisation with everyone’s favourite type of media: video. As with any form of content, adding personalisation requires customer data — the details that make one video different from another and make each video unique to the viewer who receives it.
Personalisation is a boon for the digital experience. Research shows that personalisation boosts ROI, and most consumers want personalisation. In fact, they’re 72% more likely to share data with brands if it allows for a more personalised experience. But anytime you’re using personal data, it’s important to be careful with it. That’s especially true in industries like healthcare and finance where data is even more sensitive. There’s no way around it: personalisation demands data security.
Personalised Video is no different. When you’re choosing your Personalised Video provider, make sure their level of data security meets your needs. This article outlines the robust security protocols we follow here at Idomoo to protect customer data along with some examples of what to look for as you evaluate different Personalised Video vendors.
ISO 27001 Information Security Certification
When you’re researching companies to see if their data security standards are at the appropriate level, checking certifications is essential. Certification proves that the organisation meets a preestablished set of criteria by a trusted and independent third party.
For information security management systems, ISO 27001 is globally recognised as the leading standard. ISO 27001 certification shows that an organisation follows specific, rigorous requirements to support data protection and boost their resilience against cyber attacks.
Idomoo has been ISO 27001 certified since 2015, and we continually update our certification to meet the latest set of ISO standards. You can read more about this topic and download our certification in our Academy article.
SOC 2 Type 2 Compliance
Idomoo is also SOC 2 Type 2 compliant. Administered by the American Institute of CPAs (AICPA), this credential for service organisations focuses on evaluating controls related to security, availability, processing integrity, confidentiality, and privacy over an extended period, typically six months to a year. The “Type 2” aspect ensures that controls aren’t just on paper but are effectively implemented and maintained in practice.
Soc 2 is key for Personalised Video providers where handling sensitive customer data is a top priority. This offers assurance that we take data privacy and compliance seriously, going above and beyond to demonstrate real-world, sustained commitment to security.
Part of the SOC 2 Type 2 compliance process involves engaging a third-party auditing firm to conduct the assessment, following the AICPA’s stringent criteria. The audit includes a detailed report, summarising the findings. This report is available to Idomoo clients to showcase our dedication to safeguarding customer data.
As a data-driven company, data security and privacy vigilance is inherent in how we operate. All employees conduct regular security training, including additional in-depth training for anyone who works with customer data.
Along with the security protocols we follow to remain compliant with ISO 27001 and other standards, cyber security vulnerabilities are scanned regularly on our platform, and a penetration test is conducted by a third party at least once a year. This guarantees our platform is resilient against evolving cyber threats.
Regular Security Audits
A certification is just the starting point. When we think about data security in practice, it’s helpful to know if and how the system has been tested for potential cyber threats. What does that mean? In a word, audits.
Some of our clients, particularly financial institutions, have required security audits before working with us. These include USAA, Pennymac, US Bank, BT, Activision and many more.
These audits are conducted by a third party, typically an external cyber assurance company. They are comprehensive and conducted annually — and we’ve passed every one.
Personally Identifiable Information (PII)
PII — or personally identifiable information — is just what it sounds like: data that is unique to you and can be used to identify you. Your first name isn’t PII, but biometrics and national ID numbers (such as a social security number in the U.S.) are.
This is the most sensitive type of data. The good news is that we don’t use PII for Personalised Videos. Videos greet customers with their first name, just like a person would. It’s part of the reason we say data-driven videos add a “human” touch.
No Data Saved
We also don’t save any data about our customers’ customers. Only data required for the video is transferred to our platform. We do both real-time and batch rendering. Real-time rendering happens instantly, and data isn’t stored.
For batch rendering, the necessary information is kept encrypted for a short time until the process is complete and the customer takes the data file. Data is deleted immediately after the video generation process is done.
Secure Data Transfer
Especially important, data is always sent securely. To send data, our clients can use either SFTP or secure API. The API uses OAuth 2.0 and signature validation.
All of this is better than industry standard or other common ways of passing data in the URL’s query string, which can be easily manipulated without server side data authentication. Read more in our Academy article.
Personalisation Native to the Video
We usually talk about native personalisation as it affects quality, particularly in live-action sequences. Think of a license plate with your name (added dynamically via our platform) looking like an actual license plate filmed with your name on it.
But this concept matters for data security, too. Because personal data is encoded directly into the video, the video itself is more secure. Data doesn’t appear as a separate plain-text overlay such as HTML, where someone can access the code to manipulate the dynamic text.
Our personalised data is added in Adobe After Effects, just like any other video element. It’s part of the video.
Additional Data Privacy Compliance
As with security certifications, you’ll want to check if your Personalised Video platform is compliant for any standards your organisation needs to meet.
For example, compliance for HIPAA, or the Health Insurance Portability and Accountability Act, is a common one for U.S. healthcare organisations. Designed to protect the privacy of personal health information and enforced by the Department of Health and Human Services, HIPAA compliance is mandatory for many healthcare providers, and since we work with health and wellness companies, Idomoo is compliant with federal HIPAA requirements.
We are also GDPR compliant. Per the General Data Protection Regulation that went into effect in 2018, we have ensured that all customer data is handled as required by this EU law. Similarly, we are compliant with the California Consumer Privacy Act (CCPA). CCPA compliance involves a yearly audit to make sure we adhere to policies and procedures that protect and strengthen consumer privacy rights.
A Proven Track Record
Keeping your customers’ data safe is always a priority. While personalisation enhances digital communications, it also requires top-notch security protocols. That’s true whether you’re including customer data in an app, email, text message or web page — or a video shared via any of these mediums.
At Idomoo, we’re committed to the highest levels of data privacy. We work with the world’s leading brands, including financial and healthcare institutions such as JPMorgan, Mastercard, NHS and NewYork-Presbyterian where data security is paramount. And we maintain our security standards on an ongoing basis with regular audits, improvements and checkups.
If you have questions about data security at Idomoo, we invite you to contact us. And if you want to see a demo of how data-driven video works, we’d love to show you behind the scenes.