Reply
New Member
RobinS820
Posts: 1
Registered: ‎08-16-2011

Need References

Hello I am the Marketing Coordinator at a Bank and we are new to Constant Contact.  Before I can get started utilizing CC, my Compliance Department is looking for references from 3 Banks who are members regarding any security issues.  The concern is that this could be in violation (gray area) of our Privacy Policy and there is fear that if CC is hacked, it will put our customers information at risk.  Would any of the banks out there care to provide me a reference?

 

Thank you!

Jarrad_M
Posts: 1,982
Topics: 276
Kudos: 234
Solutions: 89
Registered: ‎10-18-2010

Re: Need References

Hi Robin,

 

Welcome to the Community! I don't have any references for you, but I went ahead and sent a tweet out of this post. Hopefully we'll hear something soon.

 

 

Thanks

Jarrad

If you find my post helpful, and it answers your question, please mark it as an "Accepted Solution"

Are you on Twitter? Follow me here!
Occasional Visitor
VirginiaH42
Posts: 2
Registered: ‎08-20-2011

Re: Need References

[ Edited ]

Robin,

 

Have you asked CC for a report on their security.  A company the size of CC should be able to provide you with SAS 70 type 2 report the expresses an independent third party opinion on the controls and safeguards that CC has in place.  This would be stronger than references from three banks.  However, having managed compliance and worked closely with regulators for decades, I understand your compliance officer's need for comfort.  In my opinion relying other bank recommendations provides a false sense of security.  Investigate CC and work with your compliance officer to draw your own conclusion.  Be sure to gather and assemble the evidence to support it.

 

 

 

David Hanick

Certified Public Accountant

DHanickCPA@gmail.com

 

If you find my post helpful and it answers your question, please mark it as an accepted solution!

 

 

Jarrad_M
Posts: 1,982
Topics: 276
Kudos: 234
Solutions: 89
Registered: ‎10-18-2010

Re: Need References

Hi,

 

A SAS-70 is used when a 3rd party is retaining financial or other sensitive information of another. Constant Contact Inc. is hosting your contact information lists (mainly their name, email address and correspondence. No credit card details.)  In section 9.4 of our Terms and Conditions http://www.constantcontact.com/uidocs/CCSiteOwnerAgreement.jsp) it is documented that we do not share our customer's lists with anyone unless to comply with the law.

 

"In using the varied features of the Products, you may provide information about yourself or your employer (such as name, contact information, or other registration information) to Constant Contact. Constant Contact may use this information and any technical information about your use of the Products to tailor its presentations to you, facilitate your movement through the Product, or communicate separately with you. If you accessed the Products as a result of solicitation by a marketing partner of Constant Contact, Constant Contact may share your information with the marketing partner and the marketing partner may share related information with Constant Contact. Except as described above. Constant Contact will not provide your information, including your contact and account information, to third parties who you have not authorized to receive such information, except (i) as required by law or court order, including without limitation judicial process and law enforcement, or in the good-faith belief that such action is necessary to comply with law or a court order or (ii) if your Constant Contact account was terminated due to unsolicited commercial email being sent from your Constant Contact account. Constant Contact will never sell or rent your contact lists to anyone without your permission, and will never utilize your subscriber or contact list for internal marketing or promotional purposes or for any purpose other than providing the service.  Constant Contact acknowledges your ownership right in your contact lists. In the event Constant Contact amends or revises the policy described in the immediately preceding sentence, it will provide advance notice of such amendment or revision."

 

Constant Contact, Inc. as a publicly traded company is required by law to have controls in place over its financial and production environments, Documentation regarding these controls can be found at the S.E.C website at http://sec.gov/edgar/searchedgar/companysearch.html under our ticker symbol of "CTCT".

 

Please also feel free to view our FAQ 'How is data security managed on Constant Contact servers?'



 

Thanks,

Jarrad

If you find my post helpful, and it answers your question, please mark it as an "Accepted Solution"

Are you on Twitter? Follow me here!