Security Archives

How Does PASS Keep Your Data Safe?

passpacs on September 30, 2025

Data security. We’ve talked about it before, but we can never talk about it too much. Today’s topic? Data in transit. More specifically, what strategies we employ at PASS to ensure the information our clients share with us, and we with them, is well protected and secure as it moves between the two parties.

One of the primary tactics PASS uses to protect sensitive information is email encryption. Encryption converts data into code to prevent unauthorized access. Anytime we include confidential or sensitive information in an email, we encrypt the email. This encryption makes it possible to send highly sensitive information to the intended recipient in a secure manner. And, all replies, both back and forth, that are part of the original email thread will automatically be encrypted as well. No special software is required to read and reply to these encrypted emails.

Another strategy that we employ at PASS to protect sensitive information is data segregation. The concept of data segregation is quite simple: separate the data into organized categories based on some defined criteria, such as sensitivity or purpose, and limit the parties who have access to each category. That way, if there is an unauthorized data breach in one category, the other categories of data will remain secure. Data segregation helps mitigate the risk of a security incident and safeguards the remaining sensitive material.

What happens when larger files of a sensitive nature cannot be transmitted in a single email? That’s where Secure File Transfer Protocol (SFTP) comes in. In the simplest terms, SFTP is like having your own personal vault where you can store and transfer data in and out securely. Once an SFTP connection has been established, data can be transferred to and from the SFTP server safely and securely, and data transferred via SFTP is encrypted.

At PASS, keeping your data safe and secure and your PAC compliant are two of our main priorities.

For more information about our data security and PAC compliance services, contact your Compliance Manager or reach out to Megan Allen at mallen@pass1.com.

Search Your PAC Data with Ease and Accuracy

passpacs on January 21, 2025

PASS utilizes SQL Server to power our epacInfo® software. The SQL Full-Text Index is unlike traditional SQL queries, which match exact phrases or keywords. Full-Text Index enables users to perform more complex searches, including fuzzy searches, stemming, out-of-order words search, and wildcard search.

This capability proves invaluable for applications requiring advanced search functionality, such as PAC Disbursement maps and our PAC Match Charity Search tool that allows user to search over a million charities with high efficiency and flexibility.

Here are some tips and examples of how they can be applied:

“Color” vs. “Colour”: If a user searches for “color,” but the database contains entries with the term spelled as “colour,” a fuzzy search could still return relevant results.
“Organization” vs. “Organisation”: Similar to the previous example, a fuzzy search can handle variations in spelling such as “organization” and “organisation” to ensure relevant entries are retrieved regardless of the spelling used.
Verb tense variations: Searching for “run” should return results for “running” and “ran.””
Plural Forms: Fuzzy search can handle pluralization variations. For example, searching for “cat” could retrieve results containing “cats.” Another example: searching for “child” returns both “child” and “children.”
Out of order words search: There is no need to enter words in the right order. Searching for “sacred heart Boston” would yield “BOSTON ACADEMY OF THE SACRED HEART INC.”
Wildcard Search: searching for “india* child edu* found*” returns INDIAS CHILDREN AND AGED RELIEF AND EDUCAITON FOUNDATION,” which contains a typo. This is a good way to get around misspelled charity names in the IRS database (there are plenty of them, believe it or not).

The SQL technology is built into PASS’ epacInfo® software and is available to all epac users. Clients with websites utilizing PAC Match and Candidate Contribution maps also benefit. For more information about how your PAC can benefit from using a PASS PAC website and our PAC match services, contact Mary O’Reilly (moreilly@pass1.com).

Is Your PAC Data Accurate, Up-to-Date, and Secure?

passpacs on October 18, 2024

The old axiom, “garbage in, garbage out,” which became popular in the early days of computing, still holds true today. Especially with data related to your Political Action Committee (PAC).

PASS’ primary responsibility is ensuring that quality PAC data is imported to keep your PAC information accurate, up to date, and safe.

PASS uses client data to prepare and file federal and state election law reports. We apply a quality assurance approach to ensure that data is transferred and processed accurately the first time around. Quality Assurance relies on a client’s IT department along with PASS’ Receipt Analyst (RA) and Quality Assurance Manager (QA). Each is responsible for a unique part of the process.

The IT department is responsible for ensuring that the data is encrypted and secure when the data files are sent to PASS. The RA is responsible for decrypting and uploading the raw data into epacInfo® − PASS’ comprehensive data management and reporting tool. Once the team uploads the data into epacInfo®, the QA Manager must then review the processed data to ensure the information matches the data entered into epacInfo®.

Our goal is to enter the data accurately the first time around, and the quality measures PASS has in place give the team the opportunity to identify errors before a Federal, State, or Local report is filed. Errors such as an individual overcontributing to the PAC or the PAC overcontributing to a campaign. Trust the experts at PASS to keep your PAC on track by applying our 40+ years of campaign finance compliance and process experience to your PAC administration. For information about PASS’ processes and what goes into keeping your data accurate, up-to-date, and safe, contact your Compliance Manager. If you would like additional information on adding PASS as a trusted PAC partner, contact Mary O’Reilly at 703-476-3070.

Single Sign On With A Dash Of Multi-Factor

passpacs on October 27, 2023

Single sign on (SSO) is a secure and efficient way to authenticate to your PASS applications without having to recall that pesky password or security questions when changing your password. SSO has been a website staple for quite some time and you have likely used it in one place or another, even if you didn’t know it. SSO is all handled through your network management group and allows for you to login to your workstation each morning and have access to all of the applications under your SSO umbrella. PASS website users have experienced SSO when clicking the link to a PAC enrollment site or using epacManager.

These applications seamlessly link to the Company intranet to provide more secure and efficient access.

While SSO was the standard for securing a site, multi-factor (MFA) will further enhance your authentication security. Implementing MFA adds an extra layer of security by having the application user provide a second form of identification. This includes an email or text message, which contains a one-time code, generated to the specific user’s inbox. The user provides the code back to the application and is granted access. While it may sound cumbersome, introducing MFA to your epacManager or PAC website authentication process increases site security exponentially.

Our goal at PASS is to provide top security and ease of access to our applications and PAC enrollment websites. Single sign on and multi-factor (MFA) authentication are straight-forward to implement and strongly encouraged. PASS will work directly with your network group to iron out the details and put these in place. Reach out to Erin Ver Doorn at PASS with any requests for additional information.

How PASS Keeps Sensitive Data Safe

passpacs on May 12, 2023

Working with personal data is like having your cake and eating it too. It is imperative for organizations to use personal data but, at the same time, they need to be mindful of how that data is stored, shared, and used. In this digital age, privacy is a hot topic and for good reason, considering that the last ten years have been littered with thefts of sensitive information and data breaches that have affected companies and organizations of all shapes, sizes, and sectors.

PASS clients trust us with their sensitive information so concerns about how this data is being used and who has access to it are warranted, and we take privacy and security of the data we managed and use very seriously.

For this reason, we have implemented a data governance process that includes privacy, compliance, and security protocols which are regularly monitored and audited.

One of the ways we protect our clients’ data is by limiting access to it. We only request data that we deem necessary to provide our services, and we have strict controls in place to prevent unauthorized access. We allow the clients SPOC (single point of contact) to limit epacInfo® access based on each epacInfo® user’s role and “need to know” basis. Additionally, we use encryption and other security measures to protect our clients’ data when it is in transit and at rest. This helps to ensure that even in the event of a breach, our client’s data is still protected.

We also give our clients control over their data. Our clients can choose what information they want to share with us and can alter or revoke access to their data at any time. We are transparent about what information we collect and how we use it, and we make it easy for our clients to understand and manage their data. The information we use every day is client’s data, and we respect their privacy and ownership.

In conclusion, data privacy is of utmost importance to the PASS team of employee-owners. We take every measure possible to protect it. We want our clients to feel secure and confident in our services – our data privacy and security protocols are a key to meeting this goal.