Principles for the processing of user data by Kaspersky Lab security solutions and technologies

Respecting and protecting people’s privacy is a fundamental principle of Kaspersky Lab’s approach to processing users’ data. The data that is processed is crucial for identifying new and as yet unknown threats – such as WannaCry and ExPetr – and offering better protection products to users. Analyzing big data from millions of devices to strengthen protection capabilities is an industry best practice that is applied by IT security vendors around the world. It is a must for securing users’ digital lives from cyberthreats.

Details of the data processed can be found in the End-User License Agreement (EULA) and the Kaspersky Security Network (KSN) Agreement (which differ depending on the product). This data includes information about the device (such as device type, operating system, etc.), any threats detected on it, suspicious events in the operating system, etc. The information is used in the form of aggregated statistics in separated systems with strict policies regarding access rights, and we do not attribute data to specific individuals.

Users of Kaspersky Lab products can reduce the amount of data processed from their protected devices to the absolute minimum. All data processed and/or transferred is robustly secured through encryption, digital certificates, segregated storage and strict data access policies.

The main principles

  • Information processed in the company’s cloud-based systems is crucial for protecting users from the newest and most sophisticated threats.
  • This information is limited to what is needed in order to improve detection algorithms, refine the products’ operation and offer better solutions to our customers.
  • Data sent to Kaspersky Lab is not attributed to a specific individual. The information is used as aggregated statistics, on separated servers with strict policies regarding access rights.
  • Kaspersky Lab is committed to anonymizing information wherever possible, and actions to achieve this include deleting account details from transmitted URLs, obtaining hash sums of threats instead of the exact files, obscuring user IP addresses etc.
  • Users have control over the amount of data being shared, because participation in Kaspersky Security Network is voluntary and can be disabled at any time. If users disable KSN, a small amount of data that is essential for the product to function properly, will be shared, such as database updates and product license expiry information.
  • The information shared is protected, even during transit in accordance with stringent industry standards, including through encryption, digital certificates, and more.
  • Kaspersky Lab constantly reviews the type of data processed by its solutions to protect our customers’ privacy and comply with the very latest legal requirements, such as the upcoming GDPR regulations in Europe.

What is Kaspersky Security Network?

Kaspersky Security Network (KSN) is one of Kaspersky Lab’s main cloud systems that was created to maximize the effectiveness of discovering new and unknown cyberthreats and thereby ensure the quickest and most effective protection for users. KSN is an advanced cloud-based system that automatically processes cyberthreat-related data received from millions of devices owned by Kaspersky Lab users across the world, who have voluntarily opted to use this system. This cloud-based system approach is now the industry standard, applied by many global IT security vendors.

What is a ‘cloud’-based system’?

This is a system that runs on a company’s servers rather than on individual devices and which can be used over the internet from anywhere in the world. Examples of cloud systems include email, file sharing and file hosting systems. Kaspersky Lab’s cloud servers are distributed across the globe (e.g. in Germany, China, Canada, Russia etc.), enabling faster processing of information and guaranteeing server availability should one of them fail for any reason.

What is the purpose of cloud-based protection?

Most IT security vendors use the cloud to improve protection levels, and a hybrid protection model (antivirus databases + proactive defense + the cloud) is the most effective.

The high performance capability of corporate servers means that cyberthreats detected on user devices can be analyzed faster and more accurately. While the traditional antivirus and anti-phishing database updating cycle usually takes several hours, the cloud can provide users with protection against a new threat within minutes.

Using the cloud can also make a security product ‘lighter’ by keeping it from taking up too much memory and resources on the user device.

Why should I accept the KSN agreement and share statistics with Kaspersky Lab’s cloud?

The more users there are that contribute to the cloud intelligence, the better the protection will be for all users. Electing to opt out of sharing information with the Kaspersky Security Network (KSN) impacts how quickly the product can react to new and emerging cyberthreats. Home users not sharing data with KSN will not lose cloud protection, but if many choose this option, the overall level of security will inevitably be affected in the long run. If a corporate user opts out of KSN, it means that they will not be able to receive cloud protection at all. In this case, companies can apply an additional layer of protection – Kaspersky Private Security Network, which allows them to get the advantages of cloud protection without any data leaving the company’s facility.

Can the data transfer be restricted?

Yes, users have control over the amount of data being shared, because participation in Kaspersky Security Network is voluntary and can be disabled at any time. If users disable KSN, a small amount of data will be shared that is essential for the product to function properly.

The transfer of such information – for example, device, product and license information – is necessary in home or corporate products. This data is used to identify legitimate products, send them database updates, keep them operational, etc. This obligatory information is listed in the End-User License Agreement.

For home users, this list also includes websites visited, information on Wi-Fi access points and threats detected. These are necessary for offering a higher level of protection to users, such as enabling the Wi-Fi reputation feature that allows dangerous and fake Wi-Fi hotspots to be identified.

The Kaspersky Security Network agreement contains a list of data that customers can opt out of sharing at any time by unchecking the corresponding box in the product settings (they can also reverse this decision whenever they choose). Should they decide to disable KSN, corporate clients will be unable to receive urgent threat detections made in the cloud. In order to address this, Kaspersky Lab has developed Kaspersky Private Security Network for corporate clients, which allows them to get the advantages of cloud protection without any data leaving the company facility.

The volume and structure of information sent varies by product and is explained in each product’s agreement. Please follow this link for more information.

Do you process personal data?

Different laws define personal data differently. For example, GDPR says that ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’). In its turn, international standard ISO/IEC 29100:2011(E) says that personally identifiable information (PII) is any information that can be used to identify the PII principal to whom such information relates, or might be directly or indirectly linked to a PII principal.

In accordance with the new legal frameworks being introduced in some countries, information processed in Kaspersky Lab’s cloud may contain data that might be considered as personal or personally identifiable. This could be email addresses used to access the My Kaspersky portal, information used to differentiate users’ licenses and devices in order to let them work properly, etc. However, we do not attribute this data to a specific person. Further, data is reliably protected with encryption and other security measures, including anonymization methods, and is used only to enable our products and services to work better and to provide users with the highest level of protection.

How do you anonymize the data you process?

Kaspersky Lab takes user privacy extremely seriously. The company implements the following measures to anonymize obtained data:

  • The information is used in the form of aggregated statistics;
  • Logins and passwords are filtered out from transmitted URLs, even if they are stored in the initial browser request from the user;
  • When we process possible threat data, by default we do not use the suspicious file. Instead we use hash-sum, which is a one-way math function that provides a unique file identifier;
  • Where possible, we obscure IP addresses and device information from the data received;
  • The data is stored on separated servers with strict policies regarding access rights, and all the information transferred between the user and the cloud is securely encrypted.

How do users benefit from data processing in the cloud? What data is processed?

The data obtained for further analysis depends on the product, and it is recommended that users carefully read the agreements accepted during installation. The data includes the following:

  • License/ subscription information

We are always on hand to support our customers in the case of a cyberattack and our products are no different. License/ subscription data helps us to send product and antivirus database updates to legitimate users, ensuring they remain protected from the latest threats.

  • Product information

As well as staying protected, it’s also important that our users enjoy the best user experience possible. So, various data on the product’s operation and its interaction with the user is also analyzed. For example, how long does threat scanning take? Which features are used more often than others? Answers to these and other questions help us to tailor products to our users and provide them with solutions that are faster and easier to use.

  • Device data

Related to user experience is convenience, something we are always looking to improve at Kaspersky Lab to make cybersecurity easier for our customers. Data such as device type, operating system, etc. is needed to identify a specific computer or phone. Matching a license to a specific device means the user doesn’t have to buy a new license for the security product after reinstalling the operating system, so they can pick up exactly where they left off.

  • Threats detected

For users’ safety, their cybersecurity solutions should be up-to-date with the latest threats and that is exactly what we provide. Modern cyberthreats are constantly evolving, meaning threat databases need to be regularly updated. If a threat (new or known) is found on a device, information about that threat is sent to Kaspersky Lab. This enables us to analyze threats, their sources, principles of infection, etc., resulting in a higher quality of protection for every user.

  • Information on installed applications

At Kaspersky Lab, we believe each individual user deserves a personalized experience specific to them. To achieve this, information on installed applications is processed to create lists of ‘white’ or harmless applications and prevents security products from hindering the user experience by mistakenly identifying such applications as malicious. In addition, this information helps us to offer users security solutions that best match their needs, giving users a greater level of personalization.

  • URLs visited

We want Kaspersky Lab customers to always have the highest level of protection when they are browsing the web, no matter which websites they visit. So, URLs can be sent to the cloud to check if they are malicious and prevent users from visiting them. This information also helps to create lists of ‘white’ or harmless websites and prevents security products from mistakenly identifying such websites as malicious and detracting from the user experience. In addition, this information helps us to offer users security solutions that best match their needs. We filter out information regarding logins and passwords from transmitted URLs, even if they are stored in the initial browser request from the user.

  • Operating System events

New malware regularly features sophisticated processes in order to stay hidden, and can often only be identified by its suspicious behavior. To protect our users by ensuring that we stay one step ahead of the latest cyberthreats, the product analyzes data on processes running on the device. This makes it possible to identify early on processes that indicate malicious activity, and to quickly prevent any potentially damaging consequences, such as the theft or destruction of user data.

  • Suspicious files

The analysis of suspicious files helps users to stay protected from the newest and most sophisticated malware. If an (as yet) unknown file exhibiting suspicious behavior is detected on a device, it can be automatically sent to the cloud for a more thorough analysis by machine learning-based technologies and, in rare cases, by a malware analyst. Personal files (such as photos or documents) are rarely malicious and do not behave suspiciously. As a result, the ‘suspicious’ category includes mainly executable files (.exe).

  • Wi-Fi connection data

Wi-Fi networks are everywhere these days, but many are not secure. In order to help users feel confident that they are protected wherever they go, Wi-Fi information is analyzed in order to warn users of insecure (i.e., poorly protected) Wi-Fi access points, helping to prevent personal data from being inadvertently intercepted by cybercriminals.

  • User information

Customers need to know that their accounts are secure and can be accessed from anywhere, so email addresses are used for authorization on the My Kaspersky web portal, which enables users to manage their protection remotely. Email addresses are also used to send targeted messages (e.g., containing important alerts) to users of Kaspersky Lab products. Users can also choose to specify the names (or nicknames) by which they would like to be addressed on the My Kaspersky portal and in emails. Contact information is provided by users at their own discretion.

  • Dump and trace files

We want Kaspersky Lab users to enjoy a quality user experience so, by checking the special box in the product settings, users can share error reports with Kaspersky Lab servers. This information helps to analyze any errors that might occur in the product and to modify it accordingly so that it will function more effectively moving forward. Users have to manually approve every report before it is sent to the cloud.

Where is this data stored?

Kaspersky Security Network's front-end servers are located in different countries around the world (Germany, Canada, China, Russia, etc.), while the back-end servers are located in Russia, where the largest part of Kaspersky Lab’s anti-malware research team works. Different types of aggregated stats are stored on different servers with strictly regulated access rights, or in the Microsoft Azure cloud.

Do you share personal data, processed by Kaspersky Lab solutions, with third parties?

We do not share the information with any third parties.

Is Kaspersky Lab compliant with GDPR?

Kaspersky Lab is now working to become compliant with GDPR from a legal, technical and organizational point of view, for when the new regulations apply.