Data Protection Privacy (DPP) guide for MediationZone. This document is designed to assist you, in understanding and implementing the necessary data protection measures when configuring personal data processing within the MediationZone platform.
As you implement the configurations and workflows necessary for your projects, this guide will serve as a resource for best practices and effective data management strategies within MediationZone.
Data Protection Features in MediationZone
Data Masking Agent:
MediationZone offers data masking capabilities through its Data Masking Agent, ensuring that sensitive personal data is protected in compliance with data protection regulations. This agent facilitates both masking and unmasking of specified fields within User Data Records (UDRs), providing flexibility for batch and real-time data processing workflows.
Key Features:
Masking Methods: The Data Masking Agent utilizes a profile-based approach, allowing selection of specific methods for masking—Crypto, Database, or Hash. Each method is tailored to different operational needs and compliance requirements. Supported databases for the Database masking method include Oracle, Postgres, and SAP HANA.
Encryption and Decryption: Offers strong encryption and decryption capabilities using AES-128 and AES-256 standards.
Key Management: Secure management of encryption keys through a JCEKS keystore.
Data Transformation: Ability to transform input data into random data using SHA-256 hashing.
Profile Management: Supports the use of multiple profiles within the agent, enabling different configurations for various data handling requirements.
Error Handling and Logging: Comprehensive error handling and detailed logging mechanisms to track operations and troubleshoot issues effectively.
For more detailed information on each feature and configuration steps, please refer to the Data Masking Agent section in the MediationZone documentation.
Encryption Agent:
MediationZone offers encryption capabilities through its Encryption Agent. This feature is crucial for protection data in transit and at rest.
Capabilities:
Encryption standards: Implements AES-128 and AES-256 encryption methods.
Key management: Encryption keys can be managed using the JCEKS keystore or an external keystore.
Data transformation: Employs SHA-256 hashing to anonymise data.
Detailed configurational guidelines are available in the Encryption Agent section of the InfoZone documentation.
Guidelines for DPP compliance in workflows
MediationZone provides a suite of agents and profiles that enable customers to store data temporary or permanently. These can be used for integrating data protection standards into their workflows. Understanding how to leverage these agents effectively is crucial for maintaining compliance.
In the following sections we describe the different agents and profiles that are typically used for storing data and the interactions that can be used in a DPP context.
Archiving Agent
Archiving Agent provides comprehensive data management capabilities. These agents support both archival and retrieval processes.
Looking up Archived Data: Customers can use the Archive Inspector tool to look up Archived files. This tool is accessible through the Execution Manager and provides advanced search functionality that allows users to search for files within specified periods.
Deleting Archived Data: The Archive Cleaner task is responsible for the automated deletion of outdated archives based on the purge criteria set within the Archive profile. Customers can manually trigger cleanup processes to ensure that data does not exceed its intended retention period.
Access more information by visiting Archiving section in the InfoZone documentation.
Amazon S3 Forwarding Agents
Amazon S3 Forwarding Agent provides capabilities to write data to S3.
For best practices around data security, encryption, please refer to Amazon S3 documentation.
Data Veracity Forwarding Agent
1. Lookup of Records:
Using the Data Veracity Web UI: Access the Data Veracity Web UI to search and locate specific UDRs or batches. Utilize the Search options to filter based on various criteria such as error codes, insert times, or specific MIM values. Advanced filtering and saved filters can streamline recurrent searches and improve efficiency in managing records.
View and Inspect Data: Once records are located, use the UI to view details and inspect the contents of UDRs.
2. Deleting Records:
Mark for Deletion: If a record contains sensitive information that should not be retained, mark it for deletion directly through the Data Veracity Web UI. This action flags the records but does not remove them from the database.
Force Deletion: For immediate removal, utilize the force delete option available to administrators. This should be used with caution, as it permanently removes the record from the database, ensuring that sensitive data is irrecoverable.
Automated Cleanup via Maintenance Task: Configure the DataVeracity_Maintenance system task to automatically remove records that have been marked for deletion. This can be set to occur based on specific conditions and time frames, adhering to data retention policies.
3. Managing Access and Security:
Restricted Fields and Data Masking: Ensure sensitive fields are restricted and masked to prevent unauthorized access and modification. The Data Veracity system allows the configuration of permissions to restrict who can view or edit sensitive data.
Permission Controls: Utilize the Access Controller to assign and manage permissions for different user levels, ensuring that only authorized personnel can execute sensitive operations like data deletion or modification.
4. Auditing and Compliance:
Audit Trails: Keep track of who accessed and modified the Data Veracity records. Ensure all actions on sensitive data are logged to support compliance audits and internal controls.
5. External Databases:
Refer to the specific documentation provided by each database platform. Implement encryption and secure data handling practices as recommended:
PostgreSQL: PostgreSQL Documentation
Oracle Database: Oracle Security Guides
SAP HANA: Refer to SAP Help portal for SAP HANA documentation
Access more information by visiting Data Veracity section in the InfoZone documentation.
Error Correction System
1. Looking Up Records:
Search for Records: Utilize the ECS Inspector's Search function to find specific UDRs or batches. You can filter searches based on various criteria such as workflow, agent, error code, or insert period. Advanced search options allow for more detailed filtering, including the use of wildcards and intervals for specified fields.
Using Saved Filters: For frequent searches, you can save your search settings as filters for quick future access. This is particularly useful for regularly monitoring or auditing records that meet specific criteria.
2. Deleting Records:
Selective Deletion: After locating the records using the search function, you can selectively delete entries. Ensure that the records are in a reprocessed state, as only reprocessed entries can be safely removed without affecting ongoing processes.
Bulk Deletion: For managing larger volumes of data, the Bulk Edit feature allows you to delete multiple records simultaneously. This tool is ideal for removing batches of sensitive information efficiently.
Scheduled Cleanup: Use the ECS Maintenance System Task to set up automatic purging of outdated or unnecessary records. This can be configured to remove records based on their reprocessing state and can be tailored to ensure compliance with data retention policies.
3. Secure Management:
Restrict Field Edits: To prevent unauthorized modifications, configure restricted fields to protect sensitive data within UDRs from being edited.
Monitor and Audit: Regularly review the ECS Maintenance logs and use the statistics reports to ensure that deletions and data management practices comply with organisational security policies.
Access more information by visiting Error Correction System section in the InfoZone documentation.
SQL Forwarding & Processing Agent
1. Using SQL Processing Agent for Lookup Operations:
Query Configuration for Data Retrieval: Configure the SQL Processing Agent to perform selective queries that identify sensitive data needing review or deletion. This involves setting up SQL queries within the agent to filter and retrieve only the data matching specific security or compliance criteria.
2. Configuring the SQL Forwarding Agent for Data Deletion:
SQL Statement Configuration: Utilize the SQL Forwarding Agent to execute SQL DELETE commands. In the agent’s configuration dialog, enter SQL statements specifically designed to target and delete sensitive records. Example: DELETE FROM customer_records WHERE customer_id = $(UDR.CustomerID);.
Dynamic Data Handling: Leverage MIM values and UDR field variables in your SQL statements to ensure that only the intended records are targeted for deletion, enhancing security and precision.
Stored Procedures Support: For complex deletion requirements, configure the agent to call stored procedures that encapsulate deletion logic. This approach enhances security by abstracting the deletion logic into the database layer. Example SQL call: CALL secure_delete_procedure($(UDR.CustomerID));.
Access more information by visiting SQL Agents section in the InfoZone documentation..
Disk Forwarding Agent
1. Secure Configuration:
Directory Security: Configure the Disk Forwarding Agent to store files in secured directories. Ensure that these directories have appropriate permissions set to prevent unauthorized access. Use secure file system permissions and regularly audit access rights.
Path Configuration: Carefully define and regularly review the paths used for storing temporary and permanent files. Avoid common directories and ensure paths are not publicly accessible.
2. File Handling Procedures:
File Creation and Management: When the Disk Forwarding Agent receives a 'Begin Batch' message, it should create files in a designated temporary directory, moving them to a permanent location only once fully processed.
3. Data Minimization and Retention:
Minimize Data Exposure: Configure the agent to produce files only when necessary. Avoid storing sensitive information unless required. Use the 'Produce Empty Files' option to prevent the creation of unnecessary data files.
Retention Policy: Define and enforce a data retention policy specifying how long files should be retained in both temporary and permanent storage. Automate the deletion of files that are beyond their retention period to prevent accumulation of outdated sensitive data.
4. Command Execution Security:
Command Configuration: If commands are configured to run after file closure, ensure these commands do not expose sensitive data or interact with unsecured external systems. Validate and sanitize all command inputs to prevent execution vulnerabilities.
5. Error Handling and Incident Response:
Error Handling: Configure the agent to handle errors without data leakage. For instance, if a 'Cancel Batch' message is received, ensure that all associated data is securely deleted without leaving traces in the temporary directory.
Access more information by visiting Disk Forwarding Agent - Batch section in the InfoZone documentation.
Database Forwarding Agent
1. Secure Configuration and Access Controls:
Database Profile Management: Ensure that the database profiles are securely configured and reviewed. Use encrypted connections to the database to protect data in transit. Access to the database should be restricted to authorized users and systems only.
Default Schema Use: Limit the use of default schemas in databases, especially for operations involving sensitive data. Specify explicit schemas that segregate data access based on user roles and data sensitivity.
2. Data Handling and Integrity:
Direct Insertions vs. Stored Procedures: Prefer using stored procedures over direct insertions where possible, as they allow for better control of the data manipulation logic and can encapsulate business rules and data validation steps.
Transaction ID Management: Implement transaction ID management to ensure that each batch operation can be uniquely identified and managed. This helps in maintaining data integrity, particularly in rollback scenarios and inter-workflow communications.
3. Data Minimization and Retention:
Field Mapping and Data Exposure: Minimize data exposure by configuring the agent to only handle necessary data fields. Sensitive data should be handled with extra care, potentially encrypting data before insertion.
Data Retention Policies: Define data retention policies that specify how long data should be retained within the database. Automate the cleanup of old data to comply with these policies, ensuring that data is not kept longer than necessary.
4. Error Handling and Cleanup Procedures:
Error Handling: Configure the agent to handle SQL exceptions and errors. Ensure that operations such as 'Run SP' (Stored Procedure) at the end of data forwarding incorporate transaction safety measures to prevent data leakage or corruption.
Cleanup Operations: Use ‘Cleanup SP’ to define stored procedures that clean up data in case of workflow cancellation or error. This prevents orphaned data from accumulating.
5. Audit and Monitoring:
Transaction Auditing: Enable detailed auditing for all transactions processed by the Database Forwarding Agent. Audit logs should capture key details about the transactions, including transaction IDs, timestamps, and user IDs where applicable.
Visit our detailed guide on the Database Forwarding Agent section in the InfoZone documentation.
Batch-Based Real-Time Agents
1. Data Handling and Security:
Ensure all data transfers are conducted over secure channels. For SFTP and SCP, utilize secure protocols like SSH2 for encryption.
Regularly update and manage cryptographic measures such as public and private keys, ensuring that keys are rotated and managed according to security policies.
2. File Management and Retention:
Define clear policies for the handling of files post-transfer, including moving, renaming, or deleting files as necessary. This should include criteria for automatic deletion based on retention schedules.
Use the functionalities of agents to automatically manage files after processing, such as decompression or removal, to minimize data exposure.
3. Error Handling and Retry Mechanism:
Implement error handling to manage and log transfer failures or data processing issues. Utilize the agent's capabilities to retry connections and resume interrupted transfers securely.
Configure agents to handle decoding errors and connection retries appropriately to prevent data corruption or loss.
4. Access and Authentication Controls:
Ensure that all access to data transfer tools and interfaces is controlled via authentication mechanisms like passwords or SSH keys. Configure agents to require authentication for both initiating transfers and accessing the data.
Limit retries and re-exchanges to prevent unauthorized access attempts and ensure that security settings like host key verifications are enforced.
5. Audit and Compliance:
Regularly audit data transfers, access logs, and security settings to ensure compliance with data protection policies. Use built-in logging and event management in agents to track and monitor all activities.
Access more information by visiting Batch-Based Real-Time Agents section in the InfoZone documentation.