Last Updated: July 9, 2024
1. Overview of TechTarget
TechTarget is the global leader in purchase intent-driven marketing and sales services that deliver business impact for enterprise technology companies. By creating abundant, high-quality editorial content across approximately 150 websites and 1,000 webinars and virtual event channels, TechTarget attracts and nurtures communities of technology buyers researching their companies’ information technology needs. By understanding these buyers’ content consumption behaviors, TechTarget creates the purchase intent insights that fuel efficient and effective marketing and sales activities for customers around the world.
TechTarget has offices in Boston, London, Munich, New York, Paris, Singapore and Sydney.
2. Our Commitment to Privacy, Security, and Data Protection
TechTarget takes privacy compliance, information security and data protection seriously and is committed to effectively safeguarding the confidentiality, integrity, and availability of the Regulated Personal Information and Confidential Data entrusted to our organization by our customers, members, employees, and other key organizational stakeholders.
TechTarget has established robust privacy and information security programs which are focused on the following:
- Complying with the privacy laws and regulations applicable to the business services provided by TechTarget;
- Meeting our customers’ and other key stakeholders’ requirements, including associated contractual commitments;
- Implementing, maintaining, monitoring, and continuously improving upon our security and data protection controls; and
- Aligning our program requirements with generally accepted privacy and information security best practices and regulatory requirements.
Through the above programs, TechTarget’s overall intent is to create a proactive environment focused on effectively safeguarding the privacy and security of TechTarget’s key data and organizational assets and the systems that support them.
3. Information Security Program
TechTarget’s Information Security Program encompasses the creation, implementation, maintenance, enforcement, and oversight of the organization’s information security program requirements including related policies, procedures, standards, guidelines, and controls. The Information Security Program is focused on safeguarding all Regulated Personal Information and Confidential Data entrusted to us as required by applicable laws, rules, and regulations and in accordance with our contractual commitments.
TechTarget’s overall Information Security Program framework includes the following core components:
- Executive Level Support and Commitment
- Appointment of Dedicated Security Personnel
- Policies, Procedures, Standards, and Guidelines
- Information Security Training/Awareness Activities
- Information Security Risk Assessments for High Priority Systems
- Information Security Incidents Identification/Response
- Workforce Security Incident Reporting
- Information Security Breach Notification
- Security Processes and Controls for Protected Regulated and Confidential Data
- Security Control Audits/Evaluations
- Information Security Program Updates and Maintenance
The program’s structure is influenced by several industry security standards and frameworks, such as the National Institute of Standards and Technology (NIST), applicable SOC 2 criteria, and the International Organization for Standardization (ISO). For example, our BrightTALK webinar and channel platform meets the International Organization for Standardization (ISO) 27001 standard and our Priority Engine purchase intent service meets the SOC 2 Trust Service Criteria for Security, Availability, and Confidentiality established by the Assurance Services Executive Committee (ASEC) of the American Institute of Certified Public Accountants (AICPA).
More about BrightTALK’s ISO 27001 Certification
More about TechTarget’s Priority Engine SOC 2
4. Privacy and Data Protection Program
TechTarget has a strong privacy and data protection governance program to manage privacy compliance and data protection risks. This program is based upon a foundational policy which establishes the overall privacy program framework and which identifies key control areas, processes, and organizational strategies for data protection and privacy compliance. In addition, this program includes detailed policies and operational privacy processes focused on compliance with specific aspects of applicable privacy laws.
TechTarget’s overall Privacy Program framework includes the following core components:
- Executive Level Support and Commitment
- Appointment of Dedicated Privacy and Security Personnel
- Policies, Procedures, Standards and Guidelines
- Privacy and Security Training/Awareness Activities
- Privacy by Design
- Security Controls for Protected Regulated and Confidential Data
- Privacy Incident Management
- Data Breach Notification
- Privacy Inquiries and Investigations
- Privacy and Related Security Control Audits
- Privacy Program Updates and Maintenance
5. Roles and Responsibilities
We have assigned clear roles and responsibilities for the administration of both our information security and privacy programs. This includes designating executive level staff with the responsibility and accountability for providing guidance and strategic support to both governance programs as well as their related controls and processes in accordance with business strategy, customer requirements, and applicable legislative and regulatory requirements.
Additionally, the Company has assigned dedicated senior managers with extensive hands-on security experience to key information security roles. TechTarget has also formally appointed two staff members to be designated Data Protection Officers and has assigned other staff members to function as regional Privacy Representatives. In addition, other dedicated personnel help to monitor compliance and assist with the implementation of new and changing privacy and data protection program initiatives.
6. Other Administrative Controls
Policies and Related Processes/Plans
In addition to our foundational information security and privacy policies, we have other key policies, procedures, and controls in place to manage and mitigate both security and privacy risks including the following:
- Information Security Risk Management Policy
- Access Control, Authentication, and Authorization Policy
- Acceptable Use Policy
- System Development Lifecycle Policy
- Password Management Policy
- Data Classification and Handling Policy
- Business Continuity and Disaster Recovery Policy and Plan
- Privacy and Security Incident Management Policy and Plan
- Record Retention and Destruction Policy and related Retention Schedules
- Third-Party Assessment Policy and related assessment forms
- GDPR and CCPA Related Policies and Procedures
Privacy and Security Training and Awareness Programs
To promote an ongoing privacy and security-focused culture, TechTarget’s personnel and key applicable stakeholders receive extensive privacy and information security training via a variety of formats. This training is focused primarily on an overall understanding of the organization’s privacy and security programs, including the detailed requirements of these programs, and training for employees with specific roles and responsibilities. In addition, all our employees receive monthly security awareness training.
Human Resource Controls
TechTarget strives to attract and retain a pool of diverse and exceptional candidates and supports their continued development after they become employees. We consider our employees our driving force in the competitive B2B technology marketing space. We also appreciate the significant role our employees play in protecting our member and customer data.
- We perform background checks on our prospective employees depending on the role they will perform and in accordance with local laws, rules, and regulations (which vary in different countries and jurisdictions).
- We require all new employees to read and acknowledge our information security and privacy policies and undergo training during the onboarding process, as well as throughout the course of their employment.
- We ensure that employees are evaluated through annual performance reviews and, further, are recognized, rewarded, and engaged based on their contributions.
Our ability to retain our workforce is also dependent on our ability to foster an environment that is safe, respectful, fair, and inclusive of everyone and promotes diversity, equity, and inclusion inside and outside of our business.
Incident Management
TechTarget has a privacy and security incident management program in place which includes a detailed plan and an established, cross-functional team to manage and investigate potential incidents. One of the key goals of this team is to quickly identify and respond to a privacy or security incident to minimize its impact on the organization and reduce any potential disruption to operations.
Third-party Assessment Program
TechTarget has a robust third-party assessment program in place to evaluate third parties’ general compliance, privacy, and security controls. In addition, we perform an annual maintenance review for key third parties associated with our high priority systems.
Information Security Technical and Physical Security Controls
TechTarget has multiple IT system security controls and practices in place including, but not limited to, the following:
- Access and Authorization Controls
- Authentication and Password Management Controls – Including complex password requirements and salted hash controls
- Network Security Controls
- Firewalls
- IDS/IPS
- SIEM (Centralized logging/monitoring)
- Weekly vulnerability scanning
- Penetration Testing
- Wireless Networking Controls
- Server and Workstation Controls including the following:
  - Patch Management/Hardening Controls
  - Virus, anti-spam and malware protection controls
- Encryption controls:
  - Encryption in Transit (HTTPS: TLS 1.2, SFTP, etc.)
  - Encrypted Backups
  - Encryption at Rest (AES 256)
  - Encryption of Endpoint Devices
- Data Storage, Retention, and Destruction
- Physical Security Controls
- Restricted Access and Environmental Controls
- Disaster Recovery and Backup Controls
TechTarget also utilizes SOC 2 compliant data centers and cloud service providers both for internal business applications as well as in support of the delivery of its services.
More Information about Data Privacy and Compliance
Data Privacy Operational Processes
Our privacy program is continuously evolving and improving to meet the requirements of the ever-changing privacy landscape. It is designed to protect the information assets entrusted to us by our members, customers, and employees and is focused on, among other things, complying with applicable privacy laws and regulations (including, for example, GDPR and CCPA), meeting customer and stakeholder requirements, and aligning with generally accepted information privacy best practices. We have multiple controls and practices currently in place including the following:
- Maintaining Records of Processing (and related data transfer information)
- Privacy/Data Protection Impact Assessments
- Performance of Legitimate Interest Analyses
- Personal Information Data Inventory and Mapping
- Individual Rights Processing and Procedures
- External Privacy Notices, Links, Forms, and Processes
- Third Party Privacy and Security Assessment Processes
- Privacy Incident Management
We also perform audits periodically to ensure we are meeting our regulatory and customer-related obligations.
TechTarget Data Collection
TechTarget is a B2B data provider. We collect and use business contact records through a voluntary member registration interaction, where prospective members provide their contact information in exchange for gaining access to premium content on our network and communications from us and our customers that are relevant to their professional interests. The personal information collected is limited to non-sensitive contact information (e.g., name, title, contact info (email, phone, business address)) and is used in accordance with our online privacy policies and notices.
Transparency in how we collect, use, share, and protect data, including personal information, is a key privacy principle we embrace. As a B2B provider, we understand the value of providing both our members and our customers with clear information about our data practices. To support this effort, we have adopted publicly accessible privacy policies and notices which are posted conspicuously on our websites, on our registration forms, and in our email communications. We have also adopted various member agreements that govern the use of our services and have provided our members and customers with various methods for exercising their applicable data subject rights. Our privacy policies and agreements include the following:
- TechTarget Privacy Policy
- TechTarget Privacy Notice for California Residents
- TechTarget Terms of Use
- BrightTALK Privacy Policy
- BrightTALK Privacy Notice for California Residents
- BrightTALK User Agreement
- Priority Engine Privacy Statement
- Priority Engine Privacy Notice for California Residents
We only collect and process personal information that is relevant to and necessary to provide our services, as outlined in our privacy policies and notices, and in a lawful and secure manner. We also provide our members with a clear process to submit a data subject rights request, such as to access, correct, delete, transfer, or opt out of sale or sharing of their personal information:
- For EU or UK GDPR Data Subject Rights Requests, click here.
- For California CCPA Consumer Rights Requests, click here.
- For Other Privacy Related Requests, click here.
7. Data Broker Registrations
California
The California Privacy Protection Agency (CPPA) (and, formerly, the California Attorney General’s Office) manages California’s Data Broker Registry. The CPPA website includes a list of all registered data brokers and is accessible here.
Oregon
The Department of Consumer and Business Services manages Oregon’s data broker registry. Information about the data broker registry is available at the state’s data broker registry.
Texas
The Texas Secretary of State manages Texas’s Data Broker Registry. In accordance with the requirements of the Texas data broker law, TechTarget is posting the following notice:
The entity maintaining this website is a data broker under Texas law. To conduct business in Texas, a data broker must register with the Texas Secretary of State (Texas SOS). Information about data broker registrants is available on the Texas SOS website.
Vermont
The Vermont Secretary of State (VT SOS) manages Vermont’s Data Broker Registry. The VT SOS website includes a list of all registered data brokers and is accessible here.
8. Swiss Representative Information
Pursuant to Article 14 of the FADP, TechTarget, Inc. has appointed EDPO Switzerland as its Representative in Switzerland.
You can contact EDPO Switzerland regarding matters pertaining to the FADP:
- by using EDPO Switzerland’s online request form: https://edpo.com/swiss-data-request/
- by writing to EDPO Switzerland at Rue de Lausanne 37, 1201 Geneva, Switzerland