Lattice's Privacy Approach

Wave
In recent years, constantly changing privacy laws and regulations have challenged even the most heavily capitalized and legally sophisticated organizations. Meeting modern data privacy requirements around the world is no easy task. Here at Lattice, we are proactive and agile when it comes to privacy compliance, investing prudently to manage compliance risks, maintain (and in some cases establish) industry best practices in information security and data privacy, and earn our customers’ trust. We proactively monitor changes in legal requirements and the compliance needs of our customers so that we can immediately respond to changes in the law, and efficiently offer compliant solutions to our customers and their employees. 

Here are some examples of our work in action:

Proactive Approach. Lattice’s proactive monitoring of likely regulatory developments in the EU led to our prediction that the EU-US Privacy Shield would be invalidated by the EU courts. In Fall, 2020, it was. Thanks to our foresight, our customers were already positioned to comply with the new ruling because we opted to rely on the Standard Contractual Clauses instead of the Privacy Shield. View Lattice’s position statement on the Schrems II ruling here.

Privacy by Design. Our legal and engineering teams collaborate to implement privacy practices during the design and development of our software. As a result, we have completely anonymized our analytics database. That means we can deliver comprehensive benchmarking results to our customers without incremental risk to the preservation of user personal data.

Vendor Management. We understand that with data privacy, you are only as strong as the weakest link. That is why we assess the data privacy posture of all of our vendors, with enhanced scrutiny applied to those that process customer data. We require each vendor that subprocesses data to enter into our standard Data Processing Addendum. You can view and subscribe to a list of subprocessors of Lattice customer data at http://www.lattice.com/subprocessors.

Trust and Accessibility.
Lattice is a people company; we prioritize the human element. We understand the need to offer individuals and our customers choice and transparency around the collection and processing of their data. That is why we have a dedicated privacy team ready to respond to any data privacy questions or requests. You can contact our privacy team at: privacy@lattice.com. For additional information about our privacy practices and your rights, please visit our Privacy Policy.

Transparency and Evolution.
We collaborate internally and externally, with our legal and data privacy counsel, Data Protection Officer, E.U. Representative, and our customers and end users, as part of an iterative process to develop and implement workable privacy practices and solutions. We are happy to share some of these learnings in an effort to promote continued evolution, including this list of frequently asked questions and answers.