Privacy Policy

Effective date: November 1, 2014

The DRM Institute (“DRM Institute”) – a non-profit entity and its corresponding website (the “DRM site”), has been created to facilitate a dialog and the exchange of ideas with leading business leaders, risk officers, technology and security professionals, to create best practices in the area of Digital Risk Management (“DRM”).

This Privacy Policy governs the collection and use of information and data, such as Profile Information (as defined below) you provide when you access, download information from, register with, or otherwise interact with the “DRM Site” located at or any other DRM Institute property or asset where a link to or reference to this privacy policy is presented (e.g. on the DRM Maturity Model or the DRM Scorecard). By the accessing and the continued use of the DRM Site or other applicable property or asset, you signify your explicit consent to these terms and conditions of our Privacy Policy.

Information Collection and Use

You may submit and provide to us contact information, such as your name, title, company name, address, phone number, and e-mail address, and other information that may be used to identify you personally (collectively referred to as “Profile Information”) while visiting the DRM Site, to receive material such as white papers, publications and other digital content; or to complete a survey, or to become a member of the DRM Institute, and other scenarios in which you provide information to the DRM Institute. We will use this Profile Information only as directed or consented to by you, which may include: (1) to provide you with information about the expanding field of Digital Risk Management and facilitate discussion; or (2) to update you on trends and events in the category of digital risk management. Information you provide to us that does not identify you personally, such as answers to survey questions that create the DRM Scorecard, input about the industry, or other such information, may be used and disclosed by the DRM Institute or our founding sponsor and technical advisor, Waverley Labs LLC (“Technical Advisor”) for other purposes, such as generating publicly available benchmarks.

Parts of the DRM Site may be reviewed and accessed without providing any information to the DRM Institute that would personally identify you. If you choose to download a white paper, join a particular discussion or bulletin board, or complete a survey, however, you may be required to become a member with the DRM Institute. Members may be asked to provide contact information, such as your name, company name, phone number, and e-mail address. Any such information that serves to identify you or provides a means to contact you will also be Profile Information and, as provide in this privacy policy, may only be used or disclosed as directed by you.

Some visitors may be asked to register to receive some of the material that is listed above separate and apart from membership (“Registered User”). Registered Users and DRM Institute members, may request from us – and we will grant such Registered Users and DRM Institute members – reasonable access to their own personal information that the DRM Institute holds about them. In addition, the DRM Institute will take reasonable steps to permit individuals to correct, amend, or delete information that is demonstrated to be inaccurate or incomplete. Please contact to change your personal information gathered on the DRM Site or elsewhere this policy applies.

Please be aware that Registered Users who are also DRM Institute members may have two accounts. You may resign from DRM Institute membership and may still retain your status as a Registered User.

Additionally, at some point you may take advantage of our reserved resources. To do so, you must have a LinkedIn account. LinkedIn is not affiliated with, and does not sponsor or endorse, DRM Institute, but the reserved resources created by entities working closely with the DRM Institute are built using the LinkedIn API. We do not store your LinkedIn information when you use it and do not collect information from your LinkedIn account. All information provided to the DRM Institute is provided directly by you. The DRM Institute does not use spiders, crawlers, or illegal bots to comb information from sites.

Regardless of how you choose to interact with the DRM Site, and what information you are required to share, except as outlined here (please see the “Third Party Use” section below) or explicitly stated at the time we request the information, we do not disclose to third parties the Profile Information you provide.

Use of Cookies

Through various automated technologies, some of which are defined below, the DRM Institute may also collect certain information that does not identify you personally, such as that pertaining to web pages viewed, to analyze trends, track users’ movements, provide a better website experience and gather broad demographic information for aggregate use. This information is also used to help diagnose technical problems, and to administer the DRM Site in order to constantly improve the quality of DRM Site.


Like most websites, we use “cookies” to collect visitor information. Cookies are alphanumeric identifiers that we transfer to your computer’s hard drive through your Web browser and are used whether you’ve registered with the DRM Site or are just browsing. Cookies make it possible for us to recognize your browser when you visit the DRM Site and to tell us whether DRM Institute Members, Registered Users, and visitors have visited the DRM Site previously. If you are a DRM Institute Member or Registered User, we may link that information back to the cookie and be able to determine who you are while you are on the DRM Site. This information may be used to provide you with information about DRM, or information Waverley Labs believes to be relevant to you based on your actions on the DRM Site.

Third-Party Tracking Technologies

The use of tracking technologies by our third-party tracking utility companies is not covered by our privacy policy. The information collected will be used to enhance the user-experience and measure site performance.


We use commercially reasonable efforts to comply with Federal Can-Spam laws. If you receive commercial communications from the DRM Institute via email and do not wish to further receive these communications, follow the instructions contained in the email to unsubscribe from our email server. Please note that if you unsubscribe from our email server but remain a Registered User or DRM Institute Member, you will continue to receive updates that are administrative in nature. If you receive a phone solicitation from one of our authorized third parties based upon information you provided, you may tell that individual you do not wish to receive further calls.

Third-Party Use

The Technical Advisor manages the operations of the DRM Institute. As such, the Profile Information you provide will be accessible by the Technical Advisor. It’s use will be governed by this policy. The Technical Advisor will not use Profile Information other than as directed or consented to by you and will not contact you unless you specifically consent to such contact. Additionally, we may use third party subcontractors, affiliated with DRM Institute through contract, to provide services to the DRM Institute, which may involve incidental access to Profile Information. We make commercially reasonable efforts to ensure that any third party contracted to receive personal information provided by our Registered Users and DRM Institute members transferred to third parties are governed by this Policy. These companies are authorized to use your personal information only as necessary to provide these services to us and may not otherwise use your personal information unless separately consented to by you.

Third Party Requests

We respond to subpoenas, court orders, or legal process, or to establish or exercise our legal rights or defend against legal claims;

  • We believe it is necessary to share information in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of The DRM Institute’s Terms of Use, or as otherwise required by law.
  • We transfer information about you if the DRM Institute is acquired by, reorganized, or merged with another company, or if the same happens to the Technical Advisor to the extent such information is in its possession as provided in this Privacy Policy. In such an event, you will have the opportunity to ask not to receive further contact following any such change of control.

Blogs/Chat Rooms/Public Forum Features

The DRM Site may make available various public or semi-private forum features that allow you to post unsolicited information. Should you choose to engage in any forum offered on the DRM Site, be aware that information you submit may be read by third parties and used outside of our control. To request removal of your personal information from our blog, contact us at In some cases, we may not be able to remove information, in which case we will let you know if we are unable to do so and why.


We follow generally accepted industry standards to protect the personal information submitted to us, both during transmission and once we receive information. No method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security.


We may update this privacy policy to reflect changes to our information practices. If you have provided us your information as a Registered User or a DRM Institute member, and we make any material changes to this privacy policy, we will notify you using the email you provided. We will also post a reasonably conspicuous notice on the DRM Site prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.

Additional Information

If you have questions about this Privacy Policy or the DRM Site, you can contact us at