The safest place for your valuable data is in a locked vault behind a steel door. However, if you can't access your data then it is no longer very valuable!
When organizing, it is important to strike a balance between availability and privacy. Both PTP and each organization using PowerBase have a role to play in striking this balance.
PTP's role
Encryption and updates
We at PTP do our part by storing your database only on servers with encrypted disks that we fully own and operate, using state-of-the-art HTTPS settings to ensure all data is encrypted between our servers and your computer, carefully auditing which administrators have access to our servers, and ensuring your database receives prompt security updates.
In addition, when providing access to your data, we either enable you to download it directly from your database while logged in or we provide a dump via our secure file download site, which provides for one-time downloads.
Backups
Every night, your database is backed up and saved on both your server and at least one other server in another city.
On the first of the month, your nightly backup is tucked away so we can always restore a backup from the first of any month going back a full 12 months.
In addition, we take advantage of the backup service provided by May First Movement Technology, which makes an incremental backup going back 10 days, allowing us to recover databases for any given day going back 10 days.
Protection from subpoenas
The Progressive Technology Project is a movement organization and we are committed to the same fights that our partners are engaged in. Our privacy policy unequivocally describes our commitment to keeping your data safe.
Furthermore, we partner with May First Movement Technology to help protect our servers. May First Movement Technology has a long history of fighting subpoenas.
Nobody can guarantee with 100% certainty the safety of your data, but we can promise that we will partner with you to the extent possible to protect it.
Your role
The first questions to ask yourself are: how bad would it be if your database was downloaded by the wrong person? Would you be responsible for notifying the people in your database that your data was breached? Would you put anyone in danger? Would it damage your reputation or make it harder to organize?
Some common mistakes organizations make when managing their data that can lead to a compromise include:
Using the same password for multiple people, particularly volunteers or interns
This habit often leads to passwords being written down on Post-it notes, to people who have left the organization retaining access to the database, and to difficulty changing a password that may be compromised.
- Always use a different password for each user
- Discourage anyone from disclosing their password
- Actively audit and purge users that no longer need access to the database
Saving passwords in your browser on unsecured devices
We strongly encourage using hard-to-guess passwords, and saving those passwords in your browser is one of the only ways to make that possible. You should do it! But if you do:
- On your desktop or laptop, use a master password
- On your cell phone, ensure you have a strong PIN (at least 6 digits, not a swipe pattern) and preferably encrypt your device
Downloading copies of data onto computers, particularly laptop computers that may be stolen
- Delete CSV or other downloads after you have used them
- Save downloads on local area network file servers (assuming they are secured) rather than on your laptop
- Encrypt your computer's hard disk
Saving data on remote services, like Dropbox
If you are subpoenaed for data on one of our servers, you may fight the subpoena, and PTP will fight the subpoena, but will other services holding your data?