Duo Privacy
The Duo authenticator is a service that allows for a second factor authentication (hence, Multi-Factor Authentication) to be prompted for our users when using a username and a password on a Western service that requires MFA (Office 365, Peoplesoft).
The Duo authenticator is part of a larger organization known as Cisco Systems.
Western has engaged in long-term agreements with Cisco for a variety of network services and the Duo system falls within the context of that contract.
Through the use of Duo, Western has limited the amount of information collected by the vendor to the following:
- Username
- Phone number (if applicable)
- Type of device
- OS version of the device
- Device identifier (used to make sure the correct device is receiving the prompt)
- IP address of device
The agreement with Cisco prohibits the provision of our information to 3rd parties and our internal due diligence has demonstrated that the vendor is compliant with industry-standard data security and privacy practices.
The data collection above is consistent with other enterprise applications we use at Western and are in line with FIPPA requirements.
The following links provide more information from Cisco:
https://www.cisco.com/c/en/us/about/legal/privacy.html
https://trustportal.cisco.com/c/dam/r/ctp/docs/privacydatasheet/security/cisco-duo-privacy-data-sheet.pdfPublished on and maintained in Cascade.