Our principles for user data processing
The main principles
- Information sent by Kaspersky Lab products to the company’s servers (the “cloud”) is limited to the data needed to improve the level of protection against cyberthreats, refine the product operation and offer better solutions to our users
- Data sent to Kaspersky Lab is depersonalized and does not include users’ confidential information
- Users voluntarily consent to send this data to Kaspersky Lab by agreeing to the license agreement during product installation, as well as to the Kaspersky Security Network (KSN) user agreement
- The information received, as well as traffic, is protected in accordance with legal requirements and stringent industry standards, including encryption, digital certificates, firewalls and more.
What is Kaspersky Security Network?
Kaspersky Security Network is an expert cloud-based system that automatically processes depersonalized statistics received from millions of devices owned by Kaspersky Lab users across the globe who have voluntarily consented to this. KSN was created to maximize the effectiveness of discovering new and unknown threats.
What is the ‘cloud’?
It is a service that runs on a company’s servers rather than on user devices and which can be used over the Internet from anywhere in the world. Examples of cloud services include e-mail, file sharing and file hosting services. Kaspersky Lab servers are distributed across the globe, providing faster processing of information and interchangeability in case of emergency.
What is the purpose of cloud-based protection?
Most IT security vendors use the cloud to improve protection levels. Hybrid protection (antivirus databases + proactive defense + the cloud) is the most effective.
The high performance of corporate servers means that cyberthreats detected on user devices can be analyzed faster and more accurately. While the traditional antivirus and anti-phishing database updating cycle usually takes several hours, the cloud can provide users with protection against a new threat within minutes.
Using the cloud can also make a product ‘lighter’ by keeping it from using too much memory and resources on the user device.
What data is processed in the cloud?
License and product information
This information is needed to maintain communication between the product and Kaspersky Lab services – sending and receiving product and antivirus database updates, etc. The cloud uses it to recognize legitimate users.
Data on the product’s operation and its interaction with the user is also analyzed. How long does scanning for threats take? Which features are used more often than the others? Answers to these and other questions help developers to improve products, making them faster and easier to use.
Data such as device type, operating system, applications installed on the device, etc. is needed to ‘link’ a license to a specific machine. And why do that? Linking a license to a specific machine means that the user doesn’t have to buy a new license for the security product after reinstalling the operating system, for example. Identifying a certain person based on this kind of device information is impossible because it does not include any data that can be used to identify the user. This information also helps us to analyze cyberthreats because it shows how many devices are affected by any specific threat.
If a threat (new or known) is found on a device, information about that threat is sent to Kaspersky Lab. This enables us to analyze threats, their sources, principles of infection, etc., resulting in higher protection quality for every user.
Information on installed applications
This information helps to create lists of ‘white’ or harmless applications and prevent security products from mistakenly identifying such applications as malicious. This data is also used to update and extend program categories for solutions like Parental Control. In addition, this information helps us to understand our users better and offer them security solutions that match their needs.
New malware can often be identified only by its suspicious behavior. Because of this, the product analyzes data on processes running on the device (events that do not depend on user actions but result from OS and program operation). This makes it possible to identify processes indicative of malicious activity early on and prevent any dire consequences, such as the destruction of user data.
If an (yet) unknown file exhibiting suspicious behavior is detected on a device, it can be sent to the cloud for a more thorough analysis. Personal files (such as photos or documents) are rarely malicious and do not behave suspiciously. As a result, this category includes most executable files (.exe).
Wi-Fi connection data
This information is analyzed in order to warn users of insecure (i.e., poorly protected) Wi-Fi access points, helping to prevent personal data from being intercepted.
User contact data
Email addresses are used for authorization on the My Kaspersky web portal, which enables users to manage their protection remotely. Email addresses are also used to send targeted messages (e.g., containing important alerts) to users of Kaspersky Lab products. Users can also optionally specify their names (or names by which they would like to be addressed on the My Kaspersky portal and in emails).
Can data transfer be restricted?
By agreeing to the license agreement during product installation and to the Kaspersky Security Network (KSN) user agreement, the user voluntarily consents to have certain information sent to Kaspersky Lab. The amount and structure of this information varies by product, so please read the agreements carefully. Business users can block data from being sent to Kaspersky Lab. Home users can limit the data sent to depersonalized information on the license, product, the device on which it is installed and threats detected by unchecking the corresponding box in the settings list.