The purpose of this policy is to ensure the appropriate handling of confidential customer data stored in AP Playbook and to protect from threats, whether internal or external, deliberate or accidental, the information assets of The Associated Press and AP Playbook customers.
This policy is designed to ensure:
- Customer information stored in AP Playbook is protected against unauthorized access, modification, or deletion.
- Confidentiality of information is maintained.
- Information is not disclosed to unauthorized persons through deliberate or careless action.
- Availability of information to authorized users when needed.
- Regulatory and legislative requirements will be met.
- Information security training is given to all relevant employees.
- All breaches of information security and suspected weaknesses are reported and investigated.
AP Playbook may store and process certain personally identifiable information which is necessary for the provision and support of AP Playbook. This may include, without limitation, user-provided phone numbers for opt-in SMS text notifications; user email addresses for login authentication; user location data, where the user has opted to share their location with other users via AP Playbook; and mobile device identifiers.
Other information (such as names, phone numbers, and email addresses) may be stored regarding non-users of AP Playbook, where such data has been entered into the system by an authorized user for the purpose of facilitating coverage of a news story.
When using AP Playbook from a mobile device, users may share the geographic location of their device with the system. Such device location may be transmitted to AP Playbook whenever the AP Playbook mobile app is running (even if you are not actively using the app or it is running in the background on your device). Your device may continue to transmit its location to AP Playbook until you change your device settings.
If a user sets their device not to transmit location information to AP Playbook, the staff location mapping feature will be unable to show authorized colleagues the user’s location.
Service Usage Information
As is typical of many web sites and mobile applications, when you use AP Playbook, we may collect information about your device and your usage of AP Playbook including:
- Your IP address (which we may associate with your domain name or that of your Internet access provider or wireless carrier, and your location);
- Unique ID number associated with your device;
- Web browser and operating system information;
- Language of your device;
- Wireless connections you are using;
- Elements of the AP Playbook service you click or tap on during your use of AP Playbook.
How is your information used?
We may use the information we collect from or about you to perform the following functions:
- Enable you to use AP Playbook and its features;
- Conduct market research;
- Improve or develop new features and offerings in our provision and support of AP Playbook;
- Generate analytics reports on the usage of AP Playbook.
The uses specified above are necessary for the performance of a contract for the provision and support of AP Playbook or are based on our legitimate interests in improving the provision and support of AP Playbook and/or developing new AP services.
Some of the data we gather, including how users are using AP Playbook, and their unique IDs, may be shared with third-party providers of services to us, such as guided help or analytics, to assist with the purposes specified above.
Cookies and other tracking technologies
We, and/or our service providers or partners on our behalf, may use tracking technologies which may run on your device when you use AP Playbook. The circumstances in which we may deploy tracking technologies include:
You can manage website cookies in your browser settings. You always have the choice to have your device warn you each time a cookie is being sent or change these settings by accepting, rejecting, or deleting cookies. If you choose to change your settings, you may find that certain AP Playbook functions and features will not work as intended.
Upon the termination of a contract governing a customer’s use of AP Playbook, AP will decommission the customer instance of AP Playbook. This will generally result in the destruction and/or return of customer data to the customer as agreed and detailed in the customer contract.
AP Systems and Security Obligations:
AP implements the following security measures with respect to customer data processed or stored in AP Playbook:
- Encryption of data at rest using AES256 or higher (or equivalent technology), with the encryption key rotated on an annual basis.
- Encryption of data in motion using HTTPS/SSL, with TLS 1.2 or higher.
- Deployment of web application firewall(s), or equivalent technology, in the hosted environment in which AP Playbook is running.
- Provides continuous system monitoring with notifications of adverse events.
Data Security Breach:
A “data breach” is defined as any incident where the security or integrity of personal information or customer data in our care has been or may have been compromised.
In the case of such a data breach, AP’s corporate incident response plan will be activated, as appropriate, and we will notify any customer who may be impacted as promptly as possible given the specific circumstances. Where legally required to do so, we will also notify any applicable regulator.
In the event of a security issue identified by a customer, AP will investigate as soon as possible and provide a written response. AP will liaise with the customer to determine if the provision and support of AP Playbook need to be suspended until the issue is resolved and/or if a software update is required and agree an appropriate resolution path.
All personnel and contractors are obligated to follow the procedures detailed in this AP Playbook information security policy.
All personnel and contractors have a responsibility for reporting security incidents and any identified weaknesses.
Any deliberate act to jeopardize the security of information that is the property of The Associated Press or their customers or contractors will be subject to disciplinary and/or legal action as appropriate.
The policy is reviewed regularly and, in the event of influencing changes, updated to ensure it remains appropriate for the business and ensures our ability to serve our customers.
Playbook Support at: ENPSSupport@ap.org
Telephone: +44 207 482 7707 (International - EMEA/APAC)
+1 202 641 9641 (Americas)