Serious Discussion Unboxing Symantec Browser Protection Privacy policy (finally after a year of perseverance)

LinuxFan58

Thread author
Nov 30, 2025
Symantec Browser Protection extension.

Because it is fast and blocks nearly everything I throw at it (it rarely misses a new hosting location of a known payload, but blocks it within minutes after the initial connect) I like it very much. Sadly it refers to a generic Symantec Privacy Policy which more or less states that they comply with every legislation and store the (to Symantec) transmitted data as long as necessary.

Nearly a year ago I started my journey to find out how long "as long as necessary" was and in what form the full URLs were kept at Symantec central servers.

I started with the developer mentioned at the extension page in the Chrome Web Store. Got no reply to three mails. So the next step was the privacy team at Broadcom; I also got no reply after three mails. Then I mailed their dpo-office and you probably guessed that I got no answer either. So I wrote the dpo-office of Broadcom (in Ireland) a registered letter with acknowledgement of receipt telling them I would file a complaint at my national GDPR office when they (Broadcom) would not answer my questions.

I got answers which were so general I still had not gotten answers, so I wrote back (thanking them for their insights :-) ) that I would like my personal data cleared, providing proof of the removal by outlining their process and providing me a copy of the removed data. I got a reaction that my interpretation of the GDPR legislation was too narrow (incorrect) and that they could not supply all I asked, and that I could chat to support for further explanation.

This morning I chatted with Broadcom support and officially the only information they formally provide is that Broadcom complies with all laws and stores information sent and telemetry as long as necessary to provide their services, but between the lines I understand that:

1. Full URLs (at time of reputation check) are only kept as long as the cache lives, with some aggregated telemetry (depersonalized) for load balancing
2. Hits on badware classified domains are usually processed (but this can change any time)
3. Full URL and IP location are often kept for 30 days (they comply with law, because they are not strictly related to my device or IP address)
4. Aggregated telemetry is often kept for 100 days (no disclosure on what form but always according to law).
5. When IPS attack patterns are recognized, more detailed information is kept depending on the threat classification and this data is sometimes kept longer (for 6 months to a year), but always complying with all laws and legislation and their own privacy policy and data protection standards.


Because the data is crucial to learn and respond to malware attacks, Broadcom uses the fluid "as long as necessary" data retention.
 
In my test Symantec provides overall best protection, only (very rarely) to be beaten by Malwarebytes Browser Guard heuristics when an existing payload is delivered from a new website. But MBAM scores lower on phishing URLs. This is the reason that Bitdefender Traffic Light and Avira Browser Protection usually end up before MBAM but after Symantec Browser Protection. Bitdefender Traffic Light and Avira Browser Safety also do well.
 
In my test Symantec provides overall best protection, only (very rarely) to be beaten by Malwarebytes Browser Guard heuristics when an existing payload is delivered from a new website. But MBAM scores lower on phishing URLs. This is the reason that Bitdefender Traffic Light and Avira Browser Protection usually end up before MBAM but after Symantec Browser Protection. Bitdefender Traffic Light and Avira Browser Safety also do well.
You may try Norton Safe Web; I consider it in the second place after Symantec, with fewer FPs.

 
You may try Norton Safe Web; I consider it in the second place after Symantec, with fewer FPs.

I thought Norton deprecated its Safe Web. That is why I used Avira (being from the same holding company with a really good privacy policy).
 
They get most of the malicious and phishing URLs I throw at them on their website.

Thanks, great for comparing. Norton would be a great combo with MBAM (Norton excellent phishing protection, MBAM good malware protection with excellent heuristics).
Did folks here abandon using that member-created plug-in that aggregated a large portion of the URL checkers?
Didn't they remove most of the URL checkers because of takedown requests, rendering the plugin useless? Or am I thinking of something else? OSpray I think it was.
 
Does using security extensions such as Symantec Browser Protection while logging in to a banking account provide better security by detecting a tampered website, or may it pose a risk of privacy invasion or data leak?
Save the bank's website link in a trusted password manager, then use it to open the site and enter your credentials in a private window with all other extensions disabled. This method is both more secure and more private, as the password manager won't enter your credentials if the link changes, or you're redirected to an unknown website.
 
Did folks here abandon using that member-created plug-in that aggregated a large portion of the URL checkers?
It's Osprey. It's really effective at both phishing and malware compared to other extensions I've tested. I wouldn't be surprised if people abandon it because of the no-install-base/no-eyeballs problem. After all, many of us are trying to reduce exposure to extensions. There's also no discussion about dropping it—maybe because people don't want to lampoon the project.
 
Does using security extensions such as Symantec Browser Protection while logging in to a banking account provide better security by detecting a tampered website, or may it pose a risk of privacy invasion or data leak?
Malwarebytes Browser Guard has some additional protections, which I have seen spring into action (skimmer protection and clipboard monitoring).