Engineers at InvestAllocator during debugging, system maintenance or upgrade are able to access the data, BUT
- It might happen only if a comliance team approves it
- All personally identifiable information is hidden
So data is unmasked strictly on a need-to-know basis. Only the people who need access to improve or operate the system can unmask and access data. And when they do their routine maintenance, debugging, or servicing of the system, they're required to state the valid justification for each access session. We maintain an audit trail for all data access sessions and review them periodically. We do background checks for all employees who have access to sensitive data. If an employee ever wrongly accesses customer data through this system, they will be caught, and will face penalties upto criminal prosecution.