PCR technology was conceived to support global privacy regulation using technologies specifically designed to deliver privacy protection as a priority.
PCR runs on a global network of "privacy hubs" located in key privacy jurisdictions such as the USA, Canada, the UK, Switzerland, Singapore, Abu Dhabi and Buenos Aires (1). This architecture ensures that personal information is stored and processed in the jurisdiction governing the data subjects we process.
PCR’s Privacy Hub is responsible for gathering the information required to enroll investment accounts and produce digital letters of authorization (LOA) that account owners sign to instruct custodians and managers to share account owner information. This process is designed to eliminate the manual handling of personal information, the printing of LOAs and the unsafe emailing of this sensitive information. All consent is recorded, tracked and delivered via electronic signature.
This is the foundation of our architecture and focuses on ensuring that any security breach, no matter how egregious, has limited potential to become a privacy breach. The LOA produced above contains personal information, as it must present the account holder names and account numbers to the counterparty. To further protect identities, we do not store the account numbers in this infrastructure; instead we tokenize the account number and store the actual value in a second, isolated infrastructure.
All custodians and managers send sensitive personal data in their files and documents. As PCR has no influence on market practice, we immediately tokenize any personally identifying or personally linking information in the source files and store the actual values in two separate databases in the regional privacy hub. All processing, storage and transport occurs on tokenized data, and the original data provided by the custodian is destroyed after processing.
There are times when we must de-tokenize information by matching tokenized references in the data with information in the two token registries. Detokenization is generally limited to automated processes responsible for preparing the data for transfer to approved designated systems (a client’s wealth-tech platform or a bank’s reporting system). In the infrequent case that a manual check of data is required, only a small number of closely monitored team members have access to dynamically detokenize a single field at a time.
If the Privacy Hub were breached, there is the possibility, after overcoming stringent encryption-at-rest protections, that a name and email could be obtained. But because we do not store account numbers or other information categorized as sensitive personal information there, the breached identity has no context and cannot be linked to other information.
If the Token Registry were breached, the hacker would find a random character string associated with a value such as 11-1231-12321 (a brokerage account number), with no indication of who the account owner is or which firm it is associated with.
If the Aggregation Hub were breached, the only information exposed would be quantities of securities and related transactions. Private security names, transaction comments and account numbers would all be tokenized and unreadable.
Therefore, a breach of the type firms fear most would require a simultaneous breach of three completely isolated data centers, in order to associate an identity (Privacy Hub) with an account number that links that identity (Token Registry) to its investment data (Aggregation Hub).
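The tokenize-and-isolate model described above (tokenization of sensitive fields at ingest, a separate token registry, a single-field audited detokenization path, and the per-store view an intruder would get from any one store alone) is illustrated below in an added example. This is hypothetical code written for this page, not PCR’s own software: the three classes stand in for the three isolated infrastructures, and the field names, LOA identifier and sample custodian rows are all constructed for the example (the account number 11-1231-12321 is the page’s own illustration).

```python
"""Illustration of the tokenize-and-isolate model.  Hypothetical example, not
PCR's code: three in-memory classes stand in for the three isolated
infrastructures; field names and sample rows are constructed for this example."""
import secrets
from dataclasses import dataclass, field

# Fields treated as sensitive; they never reach the Aggregation Hub in clear text.
SENSITIVE_FIELDS = ("account_number", "private_security_name", "comment")


@dataclass
class TokenRegistry:
    """Isolated store: token -> actual value and nothing else (no owner, no firm)."""
    by_token: dict = field(default_factory=dict)
    by_value: dict = field(default_factory=dict)  # same value -> same token, so rows join
    audit_log: list = field(default_factory=list)

    def tokenize(self, value: str) -> str:
        token = self.by_value.get(value)
        if token is None:
            # A random token rather than a hash: a hash of a short account
            # number could be recovered by guessing, a random string cannot.
            token = "tok_" + secrets.token_hex(16)
            self.by_token[token] = value
            self.by_value[value] = token
        return token

    def detokenize_field(self, token: str, actor: str, reason: str) -> str:
        """One field at a time, attributed to a named actor and recorded."""
        self.audit_log.append({"actor": actor, "token": token, "reason": reason})
        return self.by_token[token]


@dataclass
class PrivacyHub:
    """Identity and consent: name, e-mail, LOA, and only the token of the account."""
    loas: dict = field(default_factory=dict)  # loa_id -> record

    def enroll(self, loa_id: str, name: str, email: str, account_token: str) -> None:
        self.loas[loa_id] = {"name": name, "email": email, "account_token": account_token}


@dataclass
class AggregationHub:
    """Tokenized investment data: quantities plus tokens, each row tied to its LOA."""
    rows: list = field(default_factory=list)


def ingest_custodian_file(raw_rows: list, registry: TokenRegistry,
                          aggregation: AggregationHub, loa_id: str) -> int:
    """Tokenize every sensitive field, keep quantities, then destroy the clear-text input."""
    for raw in raw_rows:
        row = {k: v for k, v in raw.items() if k not in SENSITIVE_FIELDS}
        for name in SENSITIVE_FIELDS:
            row[name + "_token"] = registry.tokenize(raw[name])
        row["loa_id"] = loa_id  # every row traceable to the authorization it came from
        aggregation.rows.append(row)
    count = len(raw_rows)
    raw_rows.clear()  # the custodian's original data is not retained after processing
    return count


def clear_text_values(store) -> set:
    """Every string a reader of one store alone would see (the single-breach view)."""
    if isinstance(store, TokenRegistry):
        return set(store.by_token.values())
    if isinstance(store, PrivacyHub):
        return {v for rec in store.loas.values() for v in rec.values()}
    return {str(v) for row in store.rows for v in row.values()}


def demo():
    registry, privacy, aggregation = TokenRegistry(), PrivacyHub(), AggregationHub()
    # Constructed sample input, shaped like a custodian's positions file.
    custodian_file = [
        {"account_number": "11-1231-12321", "private_security_name": "Example Fund LP",
         "comment": "capital call", "quantity": 1500, "trade_date": "2024-03-01"},
        {"account_number": "11-1231-12321", "private_security_name": "Example Fund LP",
         "comment": "distribution", "quantity": -200, "trade_date": "2024-06-01"},
    ]
    privacy.enroll("loa-0001", "A. Example", "a.example@example.com",
                   registry.tokenize("11-1231-12321"))
    ingest_custodian_file(custodian_file, registry, aggregation, "loa-0001")
    # Rare manual check: a single field, attributed and logged.
    acct = registry.detokenize_field(aggregation.rows[0]["account_number_token"],
                                     actor="ops-reviewer", reason="ticket-42")
    return registry, privacy, aggregation, acct, custodian_file


if __name__ == "__main__":
    registry, privacy, aggregation, acct, leftover = demo()
    for label, store in (("privacy_hub", privacy), ("token_registry", registry),
                         ("aggregation_hub", aggregation)):
        print(label, sorted(clear_text_values(store)))
```

Running the block prints what each store holds on its own: the Privacy Hub shows a name, an e-mail and an opaque token; the Token Registry shows an account number and a few text values with no owner; the Aggregation Hub shows quantities, dates and tokens. The registry hands out a random token rather than a hash so that the token alone cannot be turned back into a short account number by guessing, and the detokenization path takes one token at a time and records who asked and why.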
Every row of data in our database is linked to the digital authorization obtained, which enables us to trace the origin of a data subject’s information. Workflows are provided that automate our ability to service data controller requests:
We have chosen a technology approach rather than over-reliance on people, agreements and insurance to protect our clients’ most valuable asset: their privacy. Our continuous commitment to innovation on the privacy-tech front ensures that our clients continue to benefit and that our service remains trusted.