Overview of Informa TechTarget

Informa TechTarget (Nasdaq: TTGT) informs, influences and connects the world’s technology buyers and sellers, to accelerate growth from R&D to ROI. With an unparalleled reach of over 220 highly targeted technology-specific websites and over 50 million permissioned first-party audience members, Informa TechTarget has a unique understanding of and insight into the technology market.

Underpinned by those audiences and their data, we offer expert-led, data-driven, and digitally enabled services that deliver significant impact and measurable outcomes to our clients.

  • Trusted information that shapes the industry and informs investment
  • Intelligence and advice that guides and influences strategy
  • Advertising that grows reputation and establishes thought leadership
  • Custom content that engages and prompts action
  • Intent and demand generation that more precisely targets and converts

Informa TechTarget is headquartered in Boston, MA and has offices in 19 global locations.

More about Informa TechTarget.

Our Commitment to Privacy, Security, and Data Protection

TechTarget takes privacy compliance, information security and data protection seriously and is committed to effectively safeguarding the confidentiality, integrity, and availability of the Regulated Personal Information and Confidential Data entrusted to our organization by our customers, members, employees, and other key organizational stakeholders.

TechTarget has established robust privacy and information security programs which are focused on the following:

  • Complying with the privacy laws and regulations applicable to the business services provided by TechTarget.
  • Meeting our customers’ and other key stakeholders’ requirements, including associated contractual commitments.
  • Implementing, maintaining, monitoring, and continuously improving upon our security and data protection controls; and
  • Aligning our program requirements with generally accepted privacy and information security best practices and regulatory requirements.

Through the above programs, TechTarget’s overall intent is to create a proactive environment focused on effectively safeguarding the privacy and security of TechTarget’s key data and organizational assets and the systems that support them.

Information Security Program

TechTarget’s Information Security Program encompasses the creation, implementation, maintenance, enforcement, and oversight of the organization’s information security program requirements including related policies, procedures, standards, guidelines, and controls. The Information Security Program is focused on safeguarding all Regulated Personal Information and Confidential Data entrusted to us as required by applicable laws, rules, and regulations and in accordance with our contractual commitments.

TechTarget’s overall Information Security Program framework includes the following core components:

  • Executive Level Support and Commitment
  • Appointment of Dedicated Security Personnel
  • Policies, Procedures, Standards, and Guidelines
  • Information Security Training/Awareness Activities
  • Information Security Risk Assessments for High Priority Systems
  • Information Security Incidents Identification/Response
  • Workforce Security Incident Reporting
  • Information Security Breach Notification
  • Security Processes and Controls for Protected Regulated and Confidential Data
  • Security Control Audits/Evaluations
  • Information Security Program Updates and Maintenance

Privacy and Data Protection Program

TechTarget has a strong privacy and data protection governance program to manage privacy compliance and data protection risks. This program is based upon a foundational policy which establishes the overall privacy program framework, and which identifies key control areas, processes, and organizational strategies for data protection and privacy compliance. In addition, this program includes detailed policies and operational privacy processes focused on compliance with specific aspects of applicable privacy laws.

TechTarget’s overall Privacy Program framework includes the following core components:

  • Executive Level Support and Commitment
  • Appointment of Dedicated Privacy and Security Personnel
  • Policies, Procedures, Standards and Guidelines
  • Privacy and Security Training/Awareness Activities
  • Privacy by Design
  • Security Controls for Protected Regulated and Confidential Data
  • Privacy Incident Management
  • Data Breach Notification
  • Privacy Inquiries and Investigations
  • Privacy and Related Security Control Audits
  • Privacy Program Updates and Maintenance

Roles and Responsibilities

We have assigned clear roles and responsibilities for the administration of both our information security and privacy programs. This includes designating executive level staff with the responsibility and accountability for providing guidance and strategic support to both governance programs as well as their related controls and processes in accordance with business strategy, customer requirements, and applicable legislative and regulatory requirements.

Additionally, the Company has assigned dedicated senior managers with extensive hands-on security experience to key information security roles. TechTarget has also formally appointed two staff members to be designated Data Protection Officers and has assigned other staff members to function as regional Privacy Representatives. In addition, other dedicated personnel help to monitor compliance and assist with the implementation of new and changing privacy and data protection program initiatives.

Other Administrative Controls

In addition to our foundational information security and privacy policies, we have other key policies, procedures, and controls in place to manage and mitigate both security and privacy risks including the following:

  • Information Security Risk Management Policy
  • Access Control, Authentication, and Authorization Policy
  • Acceptable Use Policy
  • System Development Lifecycle Policy
  • Password Management Policy
  • Data Classification and Handling Policy
  • Business Continuity and Disaster Recovery Policy and Plan
  • Privacy and Security Incident Management Policy and Plan
  • Record Retention and Destruction Policy and related Retention Schedules
  • Third-Party Assessment Policy and related assessment forms

Privacy and Security Training and Awareness Programs

To promote an ongoing privacy and security-focused culture, TechTarget’s personnel and key applicable stakeholders receive extensive privacy and information security training via a variety of formats. This training is focused primarily on an overall understanding of the organization’s privacy and security programs, including the detailed requirements of these programs, and training for employees with specific roles and responsibilities. In addition, all our employees also receive monthly security awareness training.

Human Resource Controls

TechTarget strives to attract and retain a pool of diverse and exceptional candidates and supports their continued development after they become employees. We consider our employees our driving force in the competitive B2B technology marketing space. We also appreciate the significant role our employees play in protecting our member and customer data.

  • We perform background checks on our prospective employees depending on the role they will perform and in accordance with local laws, rules, and regulations (which vary in different countries and jurisdictions).
  • We require all new employees to read and acknowledge our information security and privacy policies and undergo training during the onboarding process, as well as throughout the course of their employment.
  • We ensure that employees are evaluated through annual performance reviews and, further, are recognized, rewarded, and engaged based on their contributions.

Our ability to retain our workforce is also dependent on our ability to foster an environment that is safe, respectful, fair, and inclusive of everyone and promotes diversity, equity, and inclusion inside and outside of our business.

Incident Management

TechTarget has a privacy and security incident management program in place which includes a detailed plan and an established, cross-functional team to manage and investigate potential incidents. One of the key goals of this team is to quickly identify and respond to a privacy or security incident to minimize its impact on the organization and reduce any potential disruption to operations.

Third-party Assessment Program

TechTarget has a robust third-party assessment program in place to evaluate the general compliance, privacy, and security controls. In addition, we perform an annual maintenance review for key third-parties associated with our high priority systems.

Information Security Technical and Physical Security Controls

TechTarget has multiple IT system security controls and practices in place including, but not limited, to the following:

  • Access and Authorization Controls
  • Authentication and Password Management Controls – Including complex password requirements and salted hash controls
  • Network Security Controls
    • Firewalls
    • IDS/IPS
    • SIEM (Centralized logging/monitoring)
    • Weekly vulnerability scanning
    • Penetration Testing
    • Wireless Networking Controls
  • Server and Workstation Controls including the following:
    • Patch Management/Hardening Controls
    • Virus, anti-spam and malware protection controls
  • Encryption controls:
    • Encryption in Transit (HTTPS: TLS 1.2, SFTP, etc.)
    • Encrypted Backups
    • Encryption at Rest (AES 256)
    • Encryption of Endpoint Devices
  • Data Storage, Retention, and Destruction
  • Physical Security Controls
    • Restricted Access and Environmental Controls
    • Disaster Recovery and Backup Controls

TechTarget also utilizes SOC 2 compliant data centers and cloud service providers both for internal business applications as well as in support of the delivery of its services.

Data Privacy Operational Processes

Our privacy program is continuously evolving and improving to meet the requirements of the ever-changing privacy landscape. It is designed to protect the information assets entrusted to us by our members, customers, and employees and is focused on, among other things, complying with applicable privacy laws and regulations (including, for example, GDPR and CCPA), meeting customer and stakeholder requirements, and aligning with generally accepted information privacy best practices. We have multiple controls and practices currently in place including the following:

  • Maintaining Records of Processing (and related data transfer information)
  • Privacy Impact Assessments
  • Performance of Legitimate Interest Analyses
  • Personal Information Data Inventory and Mapping
  • Individual Rights Processing and Procedures
  • External Privacy Notices, Links, Forms, and Processes
  • Third Party Privacy and Security Assessment Processes
  • Privacy Incident Management

We also perform audits periodically to ensure we are meeting our regulatory and customer-related obligations.

TechTarget Data Collection

TechTarget is a B2B data provider. We collect and use business contact records through a voluntary member registration interaction, where prospective members provide their contact information in exchange for gaining access to premium content on our network and communications from us and our customers that are relevant to their professional interests. The personal information collected is limited to non-sensitive contact information (e.g., name, title, contact info (email, phone, business address)) and is used in accordance with our online privacy policies and notices.

Transparency in how we collect, use, share, and protect data, including personal information, is a key privacy principle we embrace. As a B2B provider, we understand the value of providing both our members and our customers with clear information about our data practices. To support this effort, we have adopted publicly accessible privacy policies and notices which are posted conspicuously on our websites, on our registration forms, and in our email communications. We have also adopted various member agreements that govern the use of our services and have provided our members and customers with various methods for exercising their applicable data subject rights. Our privacy policies and agreements include the following:

We only collect and process personal information that is relevant to and necessary to provide our services, as outlined in our privacy policies and notices, and in a lawful and secure manner. We also provide our members with a clear process to submit a data subject rights request, such as to access, correct, delete, transfer, or opt out of sale or sharing of their personal information:

  • For EU or UK GDPR Data Subject Rights Requests, click here.
  • For California CCPA Consumer Rights Requests, click here.
  • For Other Privacy Related Requests, click here.

Certifications

The program’s structure is influenced by several industry security standards and frameworks, such as the National Institute of Standards and Technology (NIST), applicable SOC 2 criteria, and the International Organization for Standardization (ISO). For example, our BrightTALK webinar and channel platform meets the International Organization of Standards (ISO) 27001 standard and our Priority Engine purchase intent service meets the SOC 2 Trust Service Criteria for Security, Availability, and Confidentiality established by the Assurance Services Executive Committee (ASEC) of the American Institute of Certified Public Accountants (AICPA).

More about BrightTALK’s ISO 27001 Certification

More about TechTarget’s Priority Engine SOC 2

AI Policy Statement

Introduction

The development and use of Artificial Intelligence (AI) technologies in business applications is fundamentally transforming the business landscape. As the global leader in B2B purchase-intent data, one of our goals with respect to approaching the use of AI is to build trust and confidence in these technologies with our customers, members, employees, and other stakeholders. We believe that AI, when used responsibly, can drive innovation, improve lives, create value, and provide new opportunities. This policy statement outlines our commitment to fostering trust in AI systems, with a focus on responsibility, accountability, and transparency.

Guiding Principles

1. Responsibility

We are dedicated to upholding the highest standards with respect to the use and deployment of AI systems. This commitment to responsible practices includes:

  • Responsible Applications: avoiding using AI systems in ways that could harm individuals, discriminate against any groups, or perpetuate societal inequalities.
  • Ethical Guidelines: following ethical guidelines that prioritize fairness, transparency, and accountability in AI system development and deployment.
  • Informed Design: considering overall compliance and privacy and security principles in the design, development, use and implementation of AI systems.
  • Policies and Procedures: requiring the use of AI systems to operate in compliance with our policies and procedures and continuously improving on these policies and procedures.

2. Accountability

We are committed to ensuring the development and use of AI systems with applicable rules and guidelines and believe that AI systems must remain accountable. This commitment to accountability includes:

  • Laws and Regulations: complying with applicable laws and regulations related to the use of AI and ensuring that our AI systems are designed and operated within the appropriate legal framework.
  • Data Security: implementing and maintaining robust data security measures to safeguard information against unauthorized access, breaches, or misuse.
  • Model Integrity: ensuring the integrity and security of AI models and algorithms to prevent tampering or malicious use.
  • Proactive Monitoring: continuously monitoring AI systems for potential security threats and responding swiftly to any confirmed incidents.

3. Transparency

We respect the privacy of individuals and are committed to ensuring users understand when AI systems are at work through clear, understandable, and transparent notices and other disclosures regarding use. This commitment to transparency includes:

Our commitment to responsible AI is upheld through a robust governance framework:

  • User-Centric Design: putting users at the center of AI development, striving to enhance their well-being, experiences, and understanding and ensuring alignment with individual user’s expectations.
  • Data Minimization: collecting and using only the data necessary to allow the AI system to function properly, adhering to the principle of data minimization.
  • Data Stewardship: establishing robust data stewardship practices, including clear data retention policies and responsible data handling procedures.
  • Human Oversight: maintaining human oversight in AI system and decision-making processes, particularly in situations that involve sensitive or ethical considerations.

Trust-Centered AI Governance

  • AI Governance Committee: We have established a Data Governance Committee tasked with overseeing ethical AI practices, ensuring compliance, and addressing AI-related concerns.
  • Training and Awareness: We provide ongoing training to all stakeholders involved in AI development and deployment, emphasizing ethical considerations, and fostering responsible practices. We hold individuals and teams accountable for the responsible use of AI systems, with clear guidelines for ethical decision-making.
  • Third Party Compliance: We have implemented policies and procedures to review third party applications for the use of AI systems to ensure they align with our governance framework and guiding principles.

Conclusion

TechTarget is dedicated to fostering trust and confidence in AI technologies. Our commitment to responsible AI use, guided by principles of responsibility, accountability, and transparency, reflects our mission to lead the way in building a trustworthy AI ecosystem.

We continuously review and update this policy to ensure that our practices align with the evolving landscape of AI ethics and technology. Through these principles and a culture of responsibility, we aim to make AI a force for positive change that benefits all our stakeholders including our customers, members, and employees.

Consumer Rights and Data Subject Information

TechTarget values the privacy rights of its members, sales prospects, and other consumers or data subjects (collectively, “Data Subjects”). We are continuously enhancing the mechanisms in which Data Subjects can exercise their rights. This page contains information on the rights Data Subjects have and the consequences of exercising a specific right.

JOINT CONTROLLER STATEMENT

What Rights do I have?

Applicable privacy laws, like the GDPR, the CCPA, and the LGPD, provide individuals with rights over their personal data.

How Do I Exercise My Rights?

Our process for Data Subjects to exercise their rights is based on the jurisdiction in which the Data Subject is located.

  • For Data Subjects that are based in the European Union, Switzerland, or the United Kingdom, please use this form.
  • For Data Subjects that are based in California, please use this form.
  • For Data Subjects in all other locations, please use this form.

How TechTarget processes requests made by Data Subjects?

After receipt of a verifiable consumer request, it will be processed in accordance with the timeframes under the applicable data privacy legislation. We encourage data subjects to use the forms we provide to help process your request.

  • Access Requests / Data Portability – by making a request to access your personal data, TechTarget will provide you with contains information on the personal data we have collected about you.
  • Right to Rectify – where applicable,TechTarget allows users to update their profiles at any time by submitting a request using the forms provided above.
  • Deletion / Right to Be Forgotten / Erasure – with this type of request, the Data Subject has three options to initiate deletion. These options include (1) Removal From All (2) Removal from Membership Database and (3) Removal From Sales and Marketing Databases.
    • Removal from All – By selecting remove me from all databases, you will be deleted from our systems. This means that your personal data, what entities received your personal data, and your activity data will be deleted. This cannot be undone, and we recommend making an access request if you need this personal data for other purposes. This selection also means that if you are in our sales or marketing database, your personal data will also be deleted. If you are a registered TechTarget member and make a request to be removed from all, this means that all your personal data for our other properties, i.e. BrightTALK, will also be deleted.
    • Removal from Membership – If you select remove me from MEMBERSHIP databases only, your personal data, the entities that received your personal data, and your activity data will be deleted, but your personal data will remain in our sales and marketing databases.
    • Removal from Sales and Marketing – If you select remove me from PROSPECT SALES and MARKETING databases only, your personal data will be deleted from our sales and marketing databases only, but your personal data will remain in our membership databases. 
  • Right to Object / Right to Opt-Out – where applicable, you have the right to object to processing. If a Data Subject exercises their right to opt-out of the sale of their personal data, our process is to treat that as a deletion request. Data subjects are encouraged to use our forms to submit a request.

How do you verify my identity?

After making a deletion request, our process is to send a notification email to verify that you submitted the form and to allow us to complete your request. If you fail to verify your identity, then your request will not be processed. Responding to that email it will trigger the deletion process. If you submitted a request in error, then please email [email protected].

Do you have a process for authorized agents?

Authorized Agents who have the regulatory authority to submit a request shall use our Authorized Agent Portal available here to submit rights requests on behalf of individuals from whom they have received prior authorization to act on their behalf.

To ensure the security of an individual’s personal data, we ask that all requests from Authorized Agents be submitted via this method. Evidence of a signed authorization to act on behalf of the individual that is the subject of the request, should be submitted as a PDF as part of this process. Authorized Agents must also attest to their legal authority to submit information on behalf of everyone they represent. If an Authorized Agent is unable to provide proof of authorization, their request may be rejected.

Providing missing or inaccurate personal data on behalf of the individual you are representing may also result in the request being denied, unless that information is promptly corrected by the Authorized Agent.

After making a deletion request, our process is to send a notification email to verify that you submitted the form and to allow us to complete your request. If you fail to verify your identity, then your request will not be processed. Responding to that email it will trigger the deletion process. If you submitted a request in error, then please email [email protected].

Do you have additional contact information?

We can be reached multiple ways.

Data Broker Registrations

California

The California Privacy Protection Agency (CPPA) (and, formerly, the California Attorney General’s Office) manages California’s Data Broker Registry. The CPPA website includes a list of all registered data brokers and is accessible here

Oregon

The Department of Consumer and Business Services manages Oregon’s data broker registry. Information about the data broker registry is available state’s data broker registry.

Texas

The Texas Secretary of State manages the Texas’s Data Broker Registry. In accordance with the requirements of the Texas data broker law, TechTarget is posting the following notice

The entity maintaining this website is a data broker under Texas law. To conduct business in Texas, a data broker must register with the Texas Secretary of State (Texas SOS). Information about data broker registrants is available on the Texas SOS website.

Vermont

The Vermont Secretary of State (VT SOS) manages Vermont’s Data Broker Registry. The VT SOS website includes a list of all registered data brokers and is accessible here.

Joint Controller Statement

Introduction

This Joint Controller Statement (“Statement”) explains the nature of the relationship between TechTarget, Inc.  (“TechTarget”) and Informa PLC (“Informa”) in relation to the way we handle your personal data. For the purposes of Article 26 of the EU General Data Protection Regulation (“GDPR”) we are joint controllers when carrying out certain data processing activities.  This Statement sets out our respective responsibilities under applicable data protection laws. If you have any questions, please contact:

The Joint Controller Relationship

In 2024, Informa and TechTarget combined parts of their businesses to create a platform to serve B2B customers at scale digitally. Following this transaction, TechTarget became an Informa company and certain datasets were combined, meaning each company became a joint controller of the data in those records. Data protection is taken seriously by both Informa and TechTarget and we set out the information below to assist you with understanding your rights in relation to the personal data held by us.

What do we do with your personal data?

Certain services and products are provided by both Informa and TechTarget, such as lead generation and marketing activities. Where this is the case, each company may use your data to provide the services, to keep a record of your preferences and sometimes to let you know about other products or services that may be of interest to you. Collectively, these activities are called “Joint Controller Purposes”. We will only process your personal data where we have a lawful basis to do so.

Who is responsible for dealing with a request from you?

Informa and TechTarget have a Joint Controller Agreement in place, which sets out our respective responsibilities in relation the Joint Controller Purposes. Those that impact data subjects are set out below:

  • Data subjects may choose to request any of their GDPR rights via either Informa or TechTarget in connection with the Joint Controller Purposes. The company that received the request will have primary responsibility for fulfilling that request and the other company will provide any necessary assistance.
  • Both Informa and TechTarget share responsibility for complying with the data protection principles, including transparency, data accuracy, data minimisation, fairness, accountability, security, storage limitation and data protection by design, in connection with the Joint Controller Purposes.
  • If either Informa or TechTarget receives a request from a data subject or a supervisory authority for information relating to the Agreement or the Joint Controller Purposes, that Party shall provide to the data subject or supervisory authority, as appropriate, this Statement.

For further information about Informa’s processing of your personal data, please see the Informa Privacy Policy.

For further information about TechTarget’s processing of your personal data, please see the TechTarget Privacy Policy.

Conversion Pixel