Cisco says it uses reasonable security measures to protect your data but makes no guarantee that those measures will always succeed, and accepts that breaches could occur.
This analysis describes what Duo Security's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances.
The security disclaimer is standard boilerplate but is notable in the context of Duo Security, which is itself an authentication and security product, meaning users may have elevated expectations of data security.
Despite Duo's role as a security product, the policy does not guarantee the security of your personal authentication data and acknowledges the possibility of unauthorized access or data loss.
How other platforms handle this
We have implemented reasonable security measures designed to protect your personal information from unauthorized access and disclosure. It is important that you understand, however, that no website, Internet-connected device or online platform is completely secure. We cannot anticipate all potential...
OpenAI will notify Customer without undue delay after becoming aware of a Security Incident affecting Customer Personal Data. OpenAI will provide information about the Security Incident as it becomes available, including the nature of the Security Incident, the categories and approximate number of d...
You are responsible for maintaining the confidentiality of your account and password and for restricting access to your computer, and you agree to accept responsibility for all activities that occur under your account or password. Amazon does sell products for children, but it sells them to adults, ...
Monitoring
Duo Security has changed this document before.
"We use appropriate technical, administrative, and physical safeguards to protect personal data against unauthorized or unlawful processing and against accidental loss, destruction, or damage. However, no security system is impenetrable, and we cannot guarantee the security of our systems or your personal data." (Excerpt from Duo Security's Duo Privacy)
REGULATORY LANDSCAPE: GDPR Article 32 requires that data controllers implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk. The FTC has taken enforcement action against companies that made unreasonable security claims or failed to implement adequate safeguards. CCPA and CPRA include a private right of action for California residents whose unencrypted personal information is subject to unauthorized access resulting from a business's failure to maintain reasonable security procedures.
GOVERNANCE EXPOSURE: Low to Medium. The standard security disclaimer is ubiquitous in privacy policies and does not by itself create material compliance exposure. However, for an authentication security vendor, the adequacy of security measures is subject to heightened scrutiny from customers and regulators. Enterprise customers should verify security standards through SOC 2 reports, ISO 27001 certifications, or other audit documentation rather than relying on this policy language.
JURISDICTION FLAGS: California residents have a statutory private right of action under CCPA for unauthorized access to personal information resulting from inadequate security. Organizations in regulated sectors should assess whether Cisco's security posture meets sector-specific requirements such as HIPAA Security Rule or PCI-DSS.
CONTRACT AND VENDOR IMPLICATIONS: Enterprise DPAs and security addenda should specify the minimum security standards Cisco is contractually obligated to maintain, including encryption standards, access controls, incident response timelines, and breach notification requirements. The general disclaimer in this public policy should not be treated as the operative security commitment for enterprise deployments.
COMPLIANCE CONSIDERATIONS: Legal and risk teams should request Cisco's most recent SOC 2 Type II report and any applicable security certifications as part of vendor due diligence. Breach notification timelines and obligations should be explicitly addressed in the enterprise agreement, separate from the general disclaimer in this provision.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Duo Security.