LUCY

Data anonymization is a type of information sanitization whose intent is privacy protection. It is the process of either encrypting or removing personally identifiable information from data sets so that the people whom the data describe remain anonymous. This is required by law in different countries. Before we explain the Anonymisation of data, we want to answer a few questions regarding data security & privacy:

• Where is LUCY storing and processing data? Lucy can be installed On-Site or on a cloud server. All data is stored within LUCY, no matter where it is installed.

• Where is data sent? No personalized information that falls under GDPR ever gets transmitted outside of LUCY. As you can see in this chapter, LUCY uses some connections to centralized servers (e.g. update server). This is only for maintenance reasons and to maintain the functionality.

• Do we have a data processing agreement: We do. Please visit this chapter

• Protecting personal data: Lucy encrypts the data and offers many possibilities to secure access to the data.

• Collecting personal data: In certain countries, you are not allowed to collect personalized data (e.g. who failed a phishing simulation and who did not pass a training). In such a case you need to enable anonymous mode in LUCY. This will be described in the next chapter.

The following (not complete) list of information can be collected within a phishing or awareness campaign:

1. Emails Opened: Recipients opened the email
2. Link Clicks: Recipients clicked the link in the email
3. Successful Attacks: Recipients submitted data in a form (e.g. login data that is submitted via a form based POST request), clicked on a link, executed a file etc.
4. Hourly Stats: Page views, link clicks, successful attacks, invalid submits, etc.
5. Daily Stats: Page views, link clicks, successful attacks, invalid submits, etc.
6. Recipient Criteria's: Based on the usage of additional fields in the recipients list you can sort and filter the statistics for each field
7. Operating System Of recipient. This information is based on the user agent string
8. Browser type of the recipient
9. Browser Plugins of the recipient
10. File downloads
11. IP: Remote IP address of your recipient.
12. Vulnerable Browser | Vulnerable Client: Based on the user agent, LUCY will tell you if there is any vulnerability.
13. Time based stats: How long does the user stay on each landing page
14. User history: Historical user statistics
15. Awareness stats: Number of users trained, % correct questions, training results, users who did not start/finish training etc.

Within a campaign you can enable anonymous mode in the matching scenario settings:

Please note that this operation cannot be undone!

The personal information is then no longer visible:

If you also want to anonymize additional statistical data (browser, IP, etc.), you can set this in the advanced settings:

Additional anonymization options are possible in LUCY (under /settings/advanced settings):