Privacy : Phorm : Privacy Audit

Privacy Audit

Click here to download the complete attestation from Ernst & Young (PDF)

Privacy is of the utmost importance to Phorm and we are committed to protecting the privacy of Internet users. As such, we commissioned Ernst & Young to conduct an independent examination of our systems and assertions as part of this commitment. The following components of our privacy program were examined by our auditors:

Phorm's privacy policy, controls and procedures
Phorm's compliance with its stated privacy policy
Phorm employees' privacy policy training and compliance
Data retention, integrity and security policies and procedures.

We are pleased that the attestation report (PDF) confirms that Phorm's systems have been found to be designed specifically to protect the identity and other sensitive information of consumers in the following key ways:

I. Phorm's systems do not use or intentionally store or collect personally identifiable information from consumers.
Phorm is able to do this as Phorm's systems:

Do not tie into the authentication systems of our ISP partners;
Do not store the IP address, which is potentially another mechanism to identify a consumer household;
Ignore information such as form fields, numbers with more than 3 digits (to protect against the accidental collection of social security, telephone and credit card numbers), email addresses and secure (HTTPS) pages.

II. Phorm has established industry-leading standards regarding storage, retention and deletion of data.
Storage, retention and use of consumer data are currently key concerns in the online advertising industry. Phorm's systems collect browsing information such as URLs visited, search terms entered, OS version, relevant keywords of a particular page and randomly-generated unique IDs. Importantly, however:

This specific data cannot be accessed by our ISP partners.
Even this non-personally-identifiable information is automatically purged from the production system immediately. (Research and debug logs may be kept on a separate system for a maximum of 14 days).
Once the system purges this data, it is not possible for us to release it, either accidentally or deliberately.

III. An Easy Opt-Out Mechanism
We offer an easy, anonymous method for users to opt out of Phorm's systems if they would rather not receive targeted advertising and content. For as long as a user retains the Phorm opt-out cookie, the system will not collect or store data on their browsing behavior.