PRIVACY PRINCIPLES

AT PICNIC, OUR BUSINESS IS SECURITY THROUGH PRIVACY. EXPLORE HOW WE PROTECT PEOPLE BY HELPING THEM SAFEGUARD THEIR PERSONAL DATA—AT WORK AND AT HOME.

Our founders created the Picnic platform with the goal of stopping social engineers by empowering people to take control of their privacy. Industry-leading data security is built into our system, which is deliberately designed to keep detailed personal information private and safe from the bad guys.

Private (not publicly available) personal information shared with Picnic remains strictly confidential. Sensitive personal information found in the public domain is transformed into a risk number or flag. This transformation protects individual privacy and promotes an ethical stance for the corporate security team.

Picnic monitors users’ online footprint for risks to protect users in cyberspace. Personal data provided to Picnic is used solely for the purpose of protecting the individual user and the enterprise from social engineers. Picnic does not sell users’ information to anyone.

PRIVACY BY DESIGN

Picnic protects privacy and security by safeguarding personal information. Our platform enables users to control privacy by discerning and managing their public data footprint. While Picnic provides leading-edge data analyses and risk assessments to individuals across the workforce, their non-public personal information shared with Picnic remains confidential. Security teams can manage the overall progress of their employees without interacting with the individual data.

Supporting GDPR and CCPA Compliance

Picnic helps consumers enforce their rights under these important and evolving laws. We are not only compliant with GDPR and CCPA, but our team also includes legal and policy experts who are actively shaping and enforcing consumer privacy laws and regulations. Our solution has been designed from the ground up to be adaptable to the evolving landscape of global privacy compliance regimes. The core tenets of these privacy laws, such as the right to be forgotten, are designed into our solutions.

Meeting all five Trust Service Principles (TSPs) along with HIPAA Security Rule Requirements

Picnic’s System and Organizational Controls (SOC) 2 Type II report has shown we have effective controls in place to mitigate risks and ensure customer confidence. This report states that the management of Picnic maintained effective controls over the security, availability, processing integrity, confidentiality, and privacy of its platform.

Industry-Leading Data Security

Some examples of additional security measures Picnic has taken include:

  • Zero-trust security approach
  • Segmented applications, storage, and processing
  • Industry-leading operational security practices

HOW PICNIC PROTECTS AND PROMOTES EMPLOYEE PRIVACY

PICNIC’S COMMAND CENTER

Picnic’s Command Center application empowers security teams with intelligence derived from publicly available data. The tool is designed to provide power to the security team while simultaneously protecting individual employee data. Specific elements of this privacy-forward solution include:

Picnic Score®

Qualitative and quantitative risk measurement scores enable Picnic customers to drive remediation without needing to handle disparate pieces of sensitive information.

Flags

Specific risk attributes (e.g., employee taxpayer identification numbers) are shared as flags without disclosing personal data.

APIs

Cleartext credentials and other sensitive items are encrypted before they are shared via a machine-to-machine Application Programming Interface (API).

THE CHECKUP APPLICATION

Employees interact with Picnic through CheckUp, an employee-facing application that provides automated remediation of public information and personalized learning. It reduces an employee’s attack surface, promotes cyber hygiene, and raises security awareness, which improves protection for employees and the enterprise.

Through this application, employees see detailed views of exposed personal data and are able to remove unwanted online data via built-in tools. Personal information can only be viewed by the individual employees, not by the company. Company versions of this information are converted into risk measures (Picnic Scores®) and Flags for corporate users in the Command Center.

Privacy-as-a-Benefit

CheckUp is an employee benefit. Employees can extend CheckUp protection with family invites. No data about external parties, such as family members who are invited via a personal CheckUp invitation from a user, are shared with the company.