Browser version scriptSkip Headers

Oracle® Fusion Applications Security Guide
11g Release 5 (11.1.5)
Part Number E16689-05
Go to contents  page
Contents
Go to Feedback page
Contact
Us

Go to previous page
Previous
Go to previous page
Next

7 Privacy

This chapter contains the following:

Privacy: Explained

Personally Identifiable Information: How It Is Processed

Privacy Safeguards: Points To Consider

Privacy Breach Prevention and Recovery: Points To Consider

FAQs for Privacy

Privacy: Explained

Private data is data about individuals that should not be available to other individuals and organizations without specific business justification, even if it is in the possession of another party.

Individuals must be able to exercise a substantial degree of control over their private data and its use. Private and personal data includes the following.

An enterprise protects private and sensitive data against theft and misuse for the following reasons.

Privacy Attributes

One aspect of privacy is personally identifiable information (PII).

Oracle Fusion Applications security protects the following levels of data classification for addressing data privacy and protection requirements. The following table shows what protections are in place for which PII classifications.


PII Classification

Protected in Oracle Fusion Applications

Public

No

Public within the enterprise

User interface

Confidential

User interface and database

Unless otherwise stated, PII data in this discussion is confidential.

Public data is typically not sensitive with generally minimal risk associated with exposure of this information except in some contexts. For example, you may want to protect e-mail addresses from exposure to spammers or the names and titles of employees from access by external recruiters.

Internally public or confidential information is controlled to remain confidential within an entity and protected from access external to the entity such as a corporation.

Confidential data protects information within an entity such as a corporation. Exposure of such information outside the custodial entity is reasonably expected to result in harm, such as loss of business, benefit to a competitor, legal liability, or damaged reputation. Certain roles may require access to some confidential PII data for valid business reasons. For examples, a person's human resources representative probably has access to their home address, while a dispatcher may have access to the home phone numbers of on-call staff. However, this in no way alters the need for extra measures to protect sensitive PII data.

Oracle Fusion Applications uses Virtual Private Database (VPD) to protect PII attributes in the database from unauthorized access by privileged users such as database administrators (DBA). Data that is public or public within the enterprise, such as person name and work phone number, does not need the additional VPD protection.

Some privacy attributes are not PI,I but are sensitive. Oracle Fusion Applications uses Oracle Database Vault to protect all sensitive data from unauthorized access by privileged users such as DBAs, including VPD protections some DBAs may otherwise be powerful enough to override.

The following attributes are considered PII.


PII Attribute

Public: no additional security

Public within the enterprise: secure in the user interface

Confidential: secure in the user interface and database

Account Name

 

Yes

 

Article Number

 

 

Yes

Bank Account Number

 

 

Yes

Biometrics Data

 

 

Yes

Business Address

 

Yes

 

Business Email Address

 

Yes

 

Business Telephone Number

 

Yes

 

Card Number: Credit or Debit

 

 

Yes

Citizenship Number

 

 

Yes

Civil Identifier Number

 

 

Yes

Club Membership ID

 

Yes

 

Custom Name

Yes (Recruiter in HCM Recruiting System)

Yes

 

Digital ID

 

 

Yes

Drivers License Number

 

 

Yes

Electronic Taxpayer Identification Number

 

 

Yes

Employee Number

Yes (Recruiter in HCM Recruiting System)

Yes

 

Government Affiliation ID

 

 

Yes

GPS Location

 

Yes

 

Hafiza Number

 

 

Yes

Health Insurance Number

 

 

Yes

Identity Card Number

 

Yes

 

Instant Messaging Address

 

Yes

 

Library Card Number

 

Yes

 

Maiden Name

 

Yes

 

Mail Stop

 

Yes

 

Medical Information

 

 

Yes

Military Service ID

 

 

Yes

National Identifier

 

 

Yes

Party Number or Customer Number

 

Yes

 

Passport Number

 

 

Yes

Pension ID Number

 

 

Yes

Pension Registration Number

 

 

Yes

Person Identification Number

 

 

Yes

Person Name

Yes (Name of recruiter in HCM Recruiting System)

Yes

 

Personal Address

 

 

Yes

Personal Email Address

 

 

Yes

Personal Public Service Number

 

 

Yes

Residency Number (Green Card)

 

 

Yes

Social Insurance Number

 

 

Yes

Social Security Number

 

 

Yes

Student Examination Hall Ticket Number

 

Yes

 

Tax Registration Number or National Taxpayer Identifier

 

 

Yes

Trade Union Membership Number

 

 

Yes

Unemployment Insurance Number

 

 

Yes

User Global Identifier

 

Yes

 

Visa Number or Work Permit

 

 

Yes

Voter Identification Number

 

 

Yes

Web Site

 

Yes

 

Welfare Pension Insurance Number

 

 

Yes

These attributes participate in data security policies to prevent unauthorized access to the private data attribute values. Users are not always granted access to their own PII data. You provision roles and associated data security policies to grant access to a user's own PII data where it is necessary or cost effective to do so, such as for managing e-mail addresses.

The following data is sensitive, though not PII.


Sensitive Attribute Category

Public

Internal Public

Confidential Restricted

Confidential Highly Restricted

Type

Use

Unannounced Financial Results

 

 

 

Yes

Commercial

 

Financial Forecasts

 

 

 

Yes

Commercial

 

Competitive Analysis

 

 

Yes

 

Commercial

 

Strategic Business Plans

 

 

 

Yes

Commercial

 

Product design specifications

 

 

 

Yes

Commercial

 

Compensation

 

 

Yes

 

Personal

Salary, bonus, stock, bank and account information, retirement accounts

Employment details

 

 

Yes

 

Personal

Performance evaluation, grade, ranking, hire date, background checks and security clearances

Nationality and Citizenship

 

 

Yes

 

Personal

Including work permit information

Health Information

 

 

 

Yes

Personal

Disability leave, health care providers and plans, medical information

Personal information

 

 

 

Yes

Personal

Birth date, place of birth, race and ethnicity, medical information, religion, politics, sexual orientation, union membership, offenses, race and ethnicity

Mother's maiden name

 

 

 

Yes

Personal

 

Passwords

 

 

 

Yes

Security

Including access code or PIN

Encryption keys

 

 

 

Yes

Security

 

Customer configuration

 

 

 

Yes

Security

 

Security vulnerabilities

 

 

 

Yes

Security

 

Data Privacy

Oracle Fusion Applications security protects private data from unnecessary external exposure through role based access controls and tools such as Virtual Private Directory (VPD) for access from remote locations.

Use the function and data security mechanisms of the Oracle Fusion Applications security approach to protect other sensitive data in your enterprise that is not considered PII. such as compensation information, medical information, or ethnicity, especially when associated with data that can identify the person the data belongs to.

Oracle Fusion Applications Payments secures credit card and bank account data using encryption, masking, hashing and compression at the application level, but the protection is enforced across all Oracle Fusion applications.

Business objects relevant to privacy and the data security policies defined to protect them are listed in the Oracle Fusion Applications Security Reference Manual for each offering.

Personally Identifiable Information: How It Is Processed

Personally identifiable information (PII) attributes in Oracle Fusion Applications span several product families.

Under most of the regulatory schemes (EU, Canada, Japan, and so on), PII includes all information from which the identity of a person could be determined directly or indirectly.

Attributes That Affect PII

The following attributes are considered PII in Financials.

The following attributes are considered PII in Procurement.

The following attributes are considered PII in Human Capital Management.


PII

Confidential PII

Address

Private Address Details

Drivers License Number

Drivers License Number

 

Private Email Details

Article Number

Article Number

Civil Identifier Number

Civil Identifier Number

Civil Registration Number

Civil Registration Number

GOSI Number

GOSI Number

Government Affiliation ID

Government Affiliation ID

Hafiza Number

Hafiza Number

Military Service ID

Military Service ID

National Identifier

National Identifier

National Taxpayer Identifier (NIP)

National Taxpayer Identifier (NIP)

Nationality Number

Nationality Number

Pension ID Number

Pension ID Number

Social Insurance Number

Social Insurance Number

Social Security Number

Social Security Number

 

Personal Public Service Number

 

RFC ID

Tax Registration Number or National Taxpayer Identifier

Tax Registration Number

Unemployment Insurance Number

Unemployment Insurance Number

Passport Number

Passport Number

Person Name

 

Maiden Name

 

Telephone Number

Private Phone Details

Iqama Number

Iqama Number

Visa Number

Visa Number

Visa Number or Work Permit

Visa Number or Work Permit

How PII Is Processed

The following table shows how specific PII attributes correspond to a business object and are processed.


Data Attribute

Business Object

Comments

National Identifier Oracle Fusion Expenses

Corporate Card

Used to match new card not previously matched to employee

Bank Account Number in Oracle Fusion Payments

External Bank Account (LE)

Column subject to PCI/PABP in addition to PII security

 

Disbursement (LE)

Masked payee bank account number, denormalized from IBY_EXT_BANK_ACCOUNTS_ALL; column subject to PCI/PABP in addition to PII security

 

Disbursement (LE)

Masked payee bank account number, denormalized from IBY_EXT_BANK_ACCOUNTS_ALL; column subject to PCI/PABP in addition to PII security

Card Number in Oracle Fusion Payments

Payment Card (LE)

Column subject to PCI/PABP in addition to PII security

Tax Registration Number in Oracle Fusion Tax

Detail Tax Line (LE)

Tax Registration Number for external parties; may contain personal TRN

 

Tax Registration (LE)

Tax Registration Number for external parties; may contain personal TRN. This attribute is indexed and search identifies non-equality.

 

Party Tax Profile (LE)

Tax Registration Number for external parties; may contain personal TRN

Tax Registration Number in Oracle Fusion Expenses

Expense

Taxpayer Identifier of the merchant with which employee conducted the transaction

 

Corporate Card Transaction

Taxpayer Identifier of the merchant with which employee conducted the transaction

National Taxpayer Identifier in Oracle Fusion Financials for EMEA

Spanish Withholding Interface (LE)

Supplier Taxpayer Identifier, used for Spanish Withholding Tax functionality

National Taxpayer Identifier in Oracle Fusion Expenses

Expense

Taxpayer Identifier of the merchant with which employee conducted the transaction

 

Corporate Card Transaction

Taxpayer Identifier of the merchant with which employee conducted the transaction (column name may be sync up with previous entry)

Components That Protect PII

Several security components protect PII attributes.

The figure shows access controlled by Authorization Policy Manager and the Virtual Private Database protects PII data. Oracle Database Vault protects PII data from administrators. Transparent Data Encryption (TDE) protects PII in files. Oracle Data Masking protects PII data on clones of the production database.

Figure shows the components and their
relationship to the databases where protections are in effect.

Privacy attributes are listed in the Oracle Fusion Applications Security Reference Manual for each offering.

Privacy Safeguards: Points To Consider

In Oracle Fusion Applications, private data is accessed through user interfaces and client access tools such as SQL Plus.

Oracle Fusion Applications manages privacy by the following means.

The following safeguards apply across Oracle Fusion Applications.

Oracle Fusion Applications security does not protect private data in onward transfers, or from one recipient to another. Network encryption protects sensitive data in transit.

Personally Identifiable Information (PII)

Oracle Fusion Applications secures personally identifiable information (PII) in the user interface and the database.

PII consists of attributes that are identified in the data model. PII attributes are degrees of sensitive. They can be confidential (such as taxpayer ID and credit card numbers) or not (such as person name and email address).

Role definitions carry authorization to access PII attributes. Data security policies define entitlement for a role to access PII attributes wherever they are stored or displayed. Network encryption provides protections of PII data in transit.

In Human Capital Management (HCM), Financials, and Procurement, Virtual Private Database (VPD) protects PII. Trading Community Architecture and Oracle Fusion Payments uses Oracle Database Encryption APIs to secure confidential PII in their control at the column level, such as credit card and bank account numbers.

Oracle Transparent Data Encryption (TDE) prevents access to personally identifiable information (PII) in the file system or on backups or disk. Oracle Virtual Private Database (VPD) protects PII from users with DBA access, and Oracle Data Vault (ODV), if installed, prevents this protection from being overridden. Oracle Data Masking protects PII and sensitive data in cloned databases.

PII in interface tables used for custom integrations is not secured in the database, so needs to be secured at interfaces that are not in Oracle Fusion.

Sensitive Information

Information that is not PII but sensitive, such as compensation benefits and employee performance details, is protected through standard function and data security.

Notice and Consent

As a security guideline, publish the privacy policy for the enterprise. When collecting private or personal data, notify users how the data will be used and who can access it.

Privacy Breach Prevention and Recovery: Points To Consider

Breaches in privacy may occur due to the following issues.

Privacy breaches could result also when data associated with a person is not masked even though all PII attributes are protected. For example, some combination of information a person's assignment, number of total or direct reports, and user account could allow a person's identity to be deduced.

Breach Prevention

The most effective measures preventing a breach of private data include the following.

VPD security policies control database access at the row level. Only a SYS user or users can bypass VPD security policies with the EXEMPT ACCESS POLICY system privilege. Oracle Database Vault additionally prevents DBAs from accessing VPD protected data.

You can set up function security or row and column level data security using Oracle Fusion Data Security to secure private data, or set up Oracle Database Vault to restrict access through specified Internet Protocol (IP) addresses.

Recovery

Recovery from unauthorized access to private data depends on auditing and logging that identifies the privacy attributes breached without writing the private data to the log files or audit reports.

FAQs for Privacy

What's the difference between private, personally identifiable, and sensitive information?

Private information is confidential in some contexts.

Personally identifiable information (PII) identifies or can be used to identify, contact, or locate the person to whom the information pertains.

Some PII information is sensitive.

A person's name is not private. It is PII but not sensitive in most contexts. The names and work phone numbers of employees may be public knowledge within an enterprise, so not sensitive but PII. Under some circumstances it is reasonable to protect such information.

Some data is not PII but is sensitive, such as medical data, or information about a person's race, religion or sexual orientation. This information cannot generally be used to identify a person, but is considered sensitive.

Some data is not private or personal, but is sensitive. Salary ranges for grades or jobs may need to be protected from view by users in those ranges and only available to senior management.

Some data is not private or sensitive except when associated with other data the is not private or sensitive. For example, date or place of birth is not a PII attribute because by itself it cannot be used to uniquely identify an individual, but it is confidential and sensitive in conjunction with a person's name.