Privacy & security Policy

Corcoran Consulting Group, LLC, (CCG) puts forth good faith efforts to maintain the privacy and security of its own and client or potential client data and contracts only with reputable organizations for data storage, backup, and transmission.

  • CCG regularly executes non-disclosure agreements with clients and potential clients, using industry-standard terms and conditions. All contractors/agents of CCG fall under this non-disclosure agreement and have executed a corresponding non-disclosure agreement with CCG.

  • CCG makes client and potential client data accessible to contractors/agents solely on a need-to-know basis. Access is removed upon completion of a project assignment.

  • CCG employs strong, unique, encrypted passwords for various online accounts to isolate and minimize the potential footprint and impact of a data breach and stores these passwords in an encrypted vault in LastPass (see LastPass privacy and security policies here).

  • CCG generally employs both biometric authentication and two-factor authentication wherever possible to limit access to unauthorized or unknown users or devices.

  • CCG regularly uses one or more tools to capture notes electronically and/or to record and transcribe online or in-person meetings. The tablet device is secured with an encrypted password and a forced factory reset after repeated failed access attempts. Meetings notes, transcriptions, or recordings are accessible solely to CCG principals. Tools used in this manner are generally configured to comply with applicable disclosure guidelines. However, by agreeing to an engagement with CCG, clients explicitly agree to the use of these tools, even if such usage falls short of compliance with applicable authorities governing disclosure. An edited copy of a recording, e.g., a webinar or workshop, may be supplied to clients pursuant to the scope of work. Upon request, CCG may share recordings or transcriptions of other meetings. Under no circumstances will CCG provide notes, recordings, or transcriptions of interviews conducted in the course of an engagement in which strict confidentiality is promised in return for candor.

  • CCG client or potential client data is stored in one or more cloud-based platforms and replicated locally only as needed (see Dropbox.com privacy and security policies here, see ReMarkable privacy and security policies here, see Fireflies.ai privacy and security policies here).

  • All CCG data is automatically and regularly backed up to a cloud-based platform in an encrypted format (see iDrive.com privacy and security policies here).

  • All CCG email is accessed, stored, and backed up on a cloud-based Exchange platform and accessible on authorized and protected devices (see Cloudscale365 privacy and security policies here) and/or accessed, stored, and backed up on a cloud-based Google Workspace platform and accessible on authorized and protected devices (see Google Workspace privacy and security policies here).

  • CCG relies solely on Apple devices with iCloud security enabled, including remote lock and remote wipe capabilities (see more about Apple Secure Enclave here and see Apple iCloud privacy and security policies here).

  • CCG has minimal reliance on physical/hard copy files during a client engagement. At the conclusion of a project, CCG retains no physical/hard copy files related to any client engagement, except for invoices, expense receipts, and other documents related to state and federal tax filings, none of which contain client confidential information.

  • CCG destroys physical/hard copy documents by employing a standard level-three cross-cut paper shredder.

  • CCG destroys online data as appropriate from Dropbox, Cloudscale365, iCloud, and Google Workspace by deleting the relevant files from both the cloud platform and relevant local devices. For SSD devices, files deleted from the hard drive space are automatically overwritten and unrecoverable. For all other devices, files are overwritten and the hard drive space is redeployed using Apple’s Erase Free Space protocol. Deleted files and folders are automatically removed from cloud-based backup servers in due course per the relevant policy for each provider.

  • All CCG devices are wiped clean using Apple’s various protocols (here and here) and restored to factory settings before disposal or redeployment, to ensure no data is retained.

  • CCG may, from time to time, unless otherwise restricted, incorporate or refer to general findings or observations from client engagements in presentations or speeches. In such cases, all data or graphics are stripped of identifying characteristics so no content is traceable to the source. In the event CCG desires to attribute findings or observations to a specific client, CCG will secure specific permission in advance.

  • CCG may, from time to time, unless otherwise restricted, include client organization names in a general client roster, without reference to the nature or scope of work. Inclusion in such a list does not imply endorsement or recommendation of CCG services.

  • Please address any questions or concerns on this policy by phone or email here or by postal mail here.

Last updated February 2024