Introduction to Data Security
From ordering groceries to signing your child up to play sports online, digital technology is becoming more and more prevalent in our daily lives, simplifying otherwise time-consuming tasks. Living online is now so second nature that it is easy to overlook how much of our personal information is exchanged online, and how important it is to practice safe habits.
For sports organizations, there are many advantages to using league management software for both the parent/player and the organization itself. Organizations that register players online should be aware of how that information is being collected, transmitted, and stored, and ensure basic online safety guidelines are followed.
If you are a sports administrator or volunteer, we want to help you build a basic understanding of data security, how it applies to both your league and its members, and what your league management software is doing to protect your organization’s information. This way, you and your members can rest easy knowing your information is safe.
Our newest blog series will dig into the role and importance of data in today’s online world and what sports organizations should be aware of, starting with a few basic data security definitions that apply to league management software.
Glossary of Terms
Data security:
Data Security, or Cybersecurity, “is the art of protecting networks, devices, and data from unauthorized access or criminal use and the practice of ensuring confidentiality, integrity, and availability of information.” https://www.us-cert.gov/ncas/tips/ST04-001
Why should I care? When managing a sports league online, you should ensure that your service provider adequately focuses on Data Security. Ask what they do to stay compliant and secure with your member data.
CIA:
Confidentiality, Integrity, and Availability. The CIA Triad is “a way of thinking and reasoning about how best to protect the data on your network.” https://www.varonis.com/blog/cia-triad/
Confidentiality ensures that information is accessible only by authorized individuals;
Integrity ensures that information is reliable; and
Availability ensures that data is available and accessible to satisfy business needs.
Why should I care? As an administrator, you should ensure that your member data is protected in all three of these areas. CIA can help guide your questioning and research when choosing the best partner.
PII:
Personally identifiable information (PII) is any data that could be used to identify an individual. Every sports league collects PII of members during registration. There are two types of PII, sensitive and non-sensitive. Identifying sensitive versus non-sensitive data and understanding how to secure it is important for every organization. Sensitive data for a sports organization could include players’ full names, Social Security Numbers, banking information, and the club’s EIN number. Non-sensitive data could include player race, gender, and date of birth.
Why should I care? Every sports league collects, stores, and uses PII. As an administrator, you should always be aware of how your data is collected, who can access it, and how to keep it secure. Sports Connect encrypts sensitive data in transit and at rest if retained. Your league management provider should communicate data lifecycle retention policies to ensure that a process exists to archive and remove data over time.
Encryption:
The transformation of plain text data into “ciphertext”, which conceals the data’s original meaning to prevent it from being known or used. When your club’s and players’ sensitive PII is transmitted to Sports Connect servers, it is first encrypted into ciphertext so it can only be deciphered by the intended recipient.
Why should I care? Every online provider should take steps to encrypt your data so that it can safely travel from your members to servers, and back to you when you need to access it. Make sure that your provider can confidently speak to how data is encrypted and stored.
PCI DSS:
Payment Card Industry Data Security Standard – a set of security standards designed to ensure that ALL companies that accept, process, store, or transmit credit card information maintain a secure environment. Sports Connect adheres to the highest level of PCI Compliance. We do not store credit card data on your platform. Additionally, we undergo self-assessments and regular audits to keep us more secure than any other service provider in the industry.
Why should I care? Payment information is arguably the most sensitive and important information to protect. Ask about the steps your provider takes to remain compliant, and confirm that compliance is an ongoing standard that is upheld.
Coming Up Next…
With this basic introduction to data security and how it applies to your youth sports organization, you can better understand and talk with others about what Sports Connect is doing to protect your club’s and players’ information. Keep an eye out for the next blog in our series!