Smarty and Personally Identifiable Information
PII (Personally Identifiable Information) is any information that permits the identification of an individual either directly or indirectly. What is considered to be PII varies based on industry, location and how pieces of information are combined. PII may include things like phone numbers, name, email addresses, social security numbers and dates of birth.
The General Data Protection Regulation (GDPR) and The California Consumer Privacy Act (CCPA) are laws that originated to give people more control over their personal information. Smarty (formerly SmartyStreets) takes these laws and user’s PII seriously and offers three separate options for protecting user privacy. Active PII Redaction, Enhanced Data Privacy and an On-Premise Solution are effective privacy solutions we offer.
Submit Address-Only Lists
Smarty only needs an address file in order to parse, standardize and validate addresses. We don’t need any PII to validate an address and companies don’t want to share it either. Smarty is serious about security and we encourage users to send only necessary data.
Benjamin Franklin said, “An ounce of prevention is worth a pound of cure.” and that certainly applies to sending out PII will-nilly. If you don’t send out PII, you never have to worry about it getting into the wrong hands.
Active PII Redaction
In the event a user does send us personally identifiable information in their address list, upon receipt, Smarty enterprise plans will seek out and eliminate any PII found. We look for data that is patterned like phone numbers, birthdays, social security numbers and emails and then redact the information prior to logging. Actual submitted address data is not considered PII and is therefore logged.
That means nobody (including us) can access PII from our logs because it simply isn’t there. Any personally identifiable information remains safe.
Enhanced Data Privacy
Enhanced Data Privacy also commonly referred to as "incognito mode" is an optional feature in the Platform that a Client may elect to purchase that prevents Client Data and or Personally Identifiable Information (PII) from ever being logged at the point of submission or Provider's APIs.
Client Data submissions are accessed only momentarily in Random Access Memory (RAM), just long enough to process and deliver results back to the Client. Upon completion of the process, any residual Client Data in the system's RAM is dumped or "garbage collected" and written over by subsequent transactions.
Active PII Redaction and Enhanced Data Privacy look pretty similar. That is because they are very similar. Here are the differences in simple terms.
Active PII Redaction is where we black out any PII with a metaphorical, big, black permanent marker and we leave the anonymized addresses in our logs. Enhanced Data Privacy is where we throw your entire request, addresses, PII and all into the gaping maw of a volcano and use a Men In Black style Neuralyzer on ourselves to wipe the event from our memories entirely.
For total control of data deployment and maximum security, Smarty offers a “Client-hosted” local installation. Our licencing agreement allows clients to download our software in their own secured environment.
Clients can still access our current address database without performing outbound calls and eliminate the release of any private or sensitive data externally. On-premise solutions are available for our unlimited enterprise plans.
Because your data never leaves your system, Smarty never receives it. You have complete control over your data.
To determine which of these options is best for your company, please contact our Enterprise Sales Team. They can help you evaluate the options and decide which solution is best for you.