The Music Center Inc. makes it a priority to take our online customers’ security and privacy concerns seriously. We strive to ensure that user data is kept securely, and that we collect only as much personal data as is required to provide our services to users in an efficient and effective manner.
This Security Statement is aimed at being transparent about our security infrastructure and practices, to help reassure you that your data is appropriately protected.
Application and User Security
- User Authentication: User data on our database is logically segregated by account-based access rules. User accounts have unique usernames and passwords that must be entered each time a user logs on.
- User Passwords: User application passwords have minimum complexity requirements. Passwords are individually salted and hashed.
- Data Encryption: Certain sensitive user data are stored and transmitted in encrypted format.
- Data Portability: Data are not available for export to other applications.
- Data Centers: Our information systems infrastructure (servers, networking equipment, etc.) is collocated at third party data centers.
- Data Center Security: Our data centers are staffed and surveilled 24/7. Access is secured by security guards, visitors logs, and entry requirements such as passcards and biometric recognition. Our equipment is kept in locked cages.
- Location: All user data is stored on servers located in the United States.
- Backup Frequency: Backups occur hourly internally, and daily to a centralized backup system for storage in multiple geographically disparate sites.
- Production Redundancy: Data stored on a RAID 10 array. O/S stored on a RAID 1 array.
Organizational & Administrative Security
- Employee Screening: We perform background screening on all employees.
- Training: We provide security and technology use training for employees.
Service Providers: We screen our service providers and bind them under contract to appropriate confidentiality obligations if they deal with any user data.
- Access: Access controls to sensitive data in our databases, systems and environments are set on a need-to-know / least privilege necessary basis.
- Audit Logging: We maintain and monitor audit logs on our services and systems (our logging systems generate gigabytes of log files each day).
- Information Security Policies: We maintain internal information security policies, including incident response plans, and regularly review and update them.
Handling of Security Breaches
Despite best efforts, no method of transmission over the Internet and no method of electronic storage is perfectly secure. We cannot guarantee absolute security. However, if The Music Center Inc. learns of a security breach, we will notify affected users so that they can take appropriate protective steps. Our breach notification procedures are consistent with our obligations under various state and federal laws and regulation, as well as any industry rules or standards that we adhere to. Notification procedures include providing email notices or posting a notice on our website if a breach occurs.
Keeping your data secure also depends on you ensuring that you maintain the security of your account by using sufficiently complicated passwords and storing them safely. You should also ensure that you have sufficient security on your own systems, to keep any data you download to your own computer away from prying eyes.
Last updated: May 20, 2014.