Database Marketing

& Insights

Privacy & Security

Using a combination of organizational, physical and technological security measures to protect your data in our care.

Cornerstone’s data security and personal information management is designed, audited and/or certified with the strictest of industry standards. These standards are designed to meet financial, privacy and other government regulations.  Cornerstone’s use of DataFlux technology creates encrypted, machine-logic driven match-codes that are virtually impossible to reverse engineer but allow our Clients to retain history on data with restricted access to personal information.

Our Privacy Measures:

All of our campaign execution are built on industry suppression lists such as:

  • The Canadian National Do Not Call list
  • The Canadian Marketing Association Do Not Contact list
  • Internal suppression lists
  • Client specific suppression lists

Our systems infrastructures meet industry best practices with our multi-layered security network. Clients may also request that their databases be a part of a PCIDSS.

Cornerstone is PCIDSS compliant because of the sensitivity of the financial information we manage. Cornerstone's privacy policy, which is continuously reviewed and updated, has been established to protect the privacy of the personal information that we manage on behalf of our Clients. To ensure best privacy practices as a marketing industry leader, we have established the Cornerstone Privacy Principles, which are based on the principles set out in the Personal Information Protection and Electronic Documents Act (PIPEDA). A full text version of our Privacy Principles is available at Cornerstone Privacy.

The importance of upholding the highest level of privacy protection and data security practices, while working closely with our Clients and suppliers to ensure that all parties understand their responsibilities with respect to our privacy guidelines, is something we take very seriously.

Cornerstone uses a combination of organizational, physical and technological security measures to protect the data in our care. Organizational measures include limiting access to data to those on a “need-to-know” basis and physical measures include restricted access to and video monitoring of our locked server room. Technological measures include the use of system access levels and authentication, as well as firewalls and data encryption for data in transit or for highly sensitive data while at rest. Cornerstone uses a data classification policy to assign appropriate security levels to the data in our care, based on the degree of sensitivity of the data. More sensitive data is treated with the highest possible level of security.  As a leading database services provider, Cornerstone conducts regular audits to ensure compliance with the highest level of data security and information management practices. Our environments are within a disaster recovery and business continuity type infrastructure.