How it works | Havas Anonymous Portal

Anonymity and encryption

In order to ensure anonymity on the Havas Anonymous Portal, we have implemented encryption for user identities when logging in. This encryption process scrambles personal information, rendering it indecipherable to anyone without the corresponding decryption key.

The Portal is built with the Drupal Content Management System (CMS). The data is stored in an encrypted MySQL database to avoid data leakage risks in case someone would ever retrieve a copy of the database.

Who has access

The system has 5 user roles:

Logged in users: This is the basic role to access the Portal and is given automatically after a user successfully uses the Havas SSO to login. Users with this role will have access to the listing of the messages they created and all the replies that have been added to them.
Human Resources: This role is manually assigned by an administrator to members of the Havas People/HR teams. Users with this role will have access to all the messages created on the site and will be able to reply to each one of them, but will not have access to personal user data (this role does not have access to a decryption key and therefore cannot identify any individual).
Developer: This role is manually assigned by an administrator to users of the platform development team. Users with this role will have access to all the configuration of the site. Developers will not have access to the listing of messages or any personal user data (this role does not have access to a decryption key and therefore cannot identify any individual).
Global IT Administrator: This role will only be given to one Havas Global IT team member. Users with this role will have access to all ‘Human Resources’ and ‘Developer’ role data and configuration of the site, and they will also have access to the decryption key and therefore be able to identify individuals in exceptional emergency situations (please see below for explanation).

Exceptional emergency situations

In exceptional emergency cases, where we believe there is a credible threat to the personal safety of a user or to others, it will be possible to retrieve a user’s identity via the Global IT Administrator role. This will only be possible with express approval, in writing, from the UK Group Chief People Officer and UK Chairman (or their deputy in the case of absence). The request must then be made to a Global IT Administrator who will be able to decrypt that individual and provide the decrypted information to the UK Group Chief People Officer and UK Chairman only (or their deputy if relevant per above). For the avoidance of doubt, no other individual will have access to decrypted information or have the ability to decrypt the database.

The answers to more specific questions can be found on the FAQs page.