TBA Privacy Notice

Last updated: March 13, 2021

Service Provider

West and Central African Research and Education Network (WACREN)
VCG Office Complex, IPS Road
P O Box LG 1279, Accra, Ghana

Gathering and Use of Personal Data

Gathered information is used to enable the use of the Service environment and user authorisation. TrustBroker Africa processes personal data to provide a directory of incident response and security teams. This enables effective communication in a trusted environment for incident and vulnerability management. The personal details you enter on the TrustBroker Africa Service or in communication with the WACREN will be used only for the tasks and work of the TBA Service. These data will not be issued to third parties, unless it is related to the TrustBroker Africa tasks and work.

TrustBroker Africa also processes log information for its sites and systems.

Published Contact Data

As part of the service to the CSIRT community and reporting sites, TrustBroker Africa collects a set of personal data from to enable teams to be contacted in regard to attacks and suspected incidents as well as to contact each other in the event of a security incident.  Data is made available in two different formats:

  1. In the public TrustBroker Africa directory, an email address (typically role-based but teams may register an individual address), a business address and a business telephone number is made available for each Listed and Accredited Team.  An emergency number is also made available – this is typically a mobile phone. 
  2. In the protected TrustBroker Africa directory, individual email addresses and contact names are additionally made available.  This is accessible by Accredited Teams, TBA Associates, TrustBroker Africa staff and WACREN staff.

Data is made available with the consent and at the request of the teams in the directory and revalidated at predetermined intervals. The data is only be used for the purpose set out by TrustBroker Africa – that is to support communication and cooperation for security attacks, incidents and vulnerabilities.

All personal data collected is managed by TrustBroker Africa through a management system accessible only by TrustBroker Africa staff. Backups are regularly and routinely made and kept in separate, off-site locations. Only authorised persons after having been authenticated based on signatures and passports or security token and PINs can access those locations. The X.509 client and server certificates used internally for all services utilised within the TBA community are protected by FIPS140 Level 3 certified HSM (High Security Modules, which are operated in an ETSI certified PKI environment.

Any misuse of data should be reported to TrustBroker Africa and appropriate action will be taken.