Data Privacy and Security Features

Oracle CX Audience has several mechanisms to help meet your organization's data privacy and security requirements. Learn about the CX Audience privacy and security features and where to find information about implementing them.

Also review Data Processing Agreement for Oracle Cloud Services and Oracle Cloud Hosting and Delivery Policies.

Collecting data

Oracle CX Marketing enables your organization to capture personal data across many different channels. As part of these data capture processes, you have the ability to incorporate mechanisms that enable your customers to make informed decisions about the use of their personal data. Oracle Cloud provides controls that can be configured to meet specific business requirements.

If your account is integrated with Oracle Responsys, opt-in management and targeting by organization is managed within Oracle Responsys. Learn more about opt-in management and targeting by organization in Oracle Responsys.

Managing data

As today’s businesses capture vast amounts of personal data, marketing teams require tools that enable them to manage data at scale. CX Audience provides a comprehensive portfolio of features that makes it easy for you and your organization to securely manage personal data.

Securely transfer data

CX Audience facilitates data transfer and integration in a number of secure ways.

REST APIs

Using Oracle CX Audience REST APIs, you can securely transfer personal data at scale. REST APIs use HTTPS end points. CX Audience monitors and throttles the frequency of API requests that are submitted from each CX Audience account. This is to ensure that the best possible level of service is offered to API clients in a shared environment.

Learn more about the REST API for Oracle CX Audience Marketing Cloud Service.

Connect

Connect enables secure transfer of data to and from CX Audience.

Using Connect you can:

  • Import list, profile extension, and custom table data into CX Audience.
  • Automate the import of data captured in other systems. For this release, we support import from Adobe Analytics Data Connectors.
  • Export Audiences to CX Audience or to your SFTP site via configured Connect jobs.
  • Create groups of jobs, define the order in which they are to be run, and then run the group either on demand or according to a schedule. This allows users to import multiple sets of data in the correct order. For example, you can ensure that a list table is uploaded before updating a profile extension table.
  • View scheduled and completed jobs and details.

Learn more about Connect.

Data removal

Data protection or privacy regulations vary region to region. When it is necessary to delete customer personal data, it is important to know how CX Audience manages deletions. CX Audience allows you to delete customer records as needed with Bulk Delete. Learn more about Deleting data.

Protecting data

CX Audience provides capabilities to help protect data. Features like granular user access controls, encryption, data redaction, anonymization, and more help your organization protect personal data at the highest possible standard.

CX Audience provides data security mechanisms and controls to help your organization securely manage access to CX Audience and minimize access within CX Audience.

Hashing and using oHashes

CX Audience creates an oHash of email addresses using the SHA-256 and MD5 hash value of a normalized email addresses. The normalized email address is generated by trimming the raw clear text, converting it to lower case, and removing any aliases.

The oHashes are stored in the columns EMAIL_SHA256_HASH_ and EMAIL_MD5_HASH. If you want to use your own externally calculated hash for profile merges or personalization, populate your hash value in the CUSTOMER_ID_ column.

These oHashes can be leveraged with your integrated systems to map customer data across systems without sending the email address itself. For example, the oHashed email addresses are used in an Omniture Genesis (also known as Adobe Genesis) integration, and can be used with Rapid Retargeter.

With Connect, you can use these oHashes as a match key. oHashes cannot update the standard EMAIL_ADDRESS_ column.

Encryption at Rest

Encryption at Rest is CX Audience's solution to "data at rest encryption". Encryption at Rest provides security for data in files that are saved on disk (or at rest) by encrypting that data. Using Oracle Transparent Data Encryption (TDE) technology, Encryption at Rest encrypts CX Audience data to prevent access from unauthorized users. For CX Audience accounts with security mandates to protect their data at rest from unauthorized access, Encryption at Rest offers advanced data protection.

Data redaction

If your account is integrated with Oracle Responsys, data redaction is managed within Oracle Responsys. Learn more about data redaction in Oracle Responsys.

User access control

User access is controlled through the assigning of the Account Administrator role, which gives the user administrative privileges. We strongly discourage sharing administrative logins between users. Learn more about User management.

Login behavior

This section describes how CX Audience handles login behavior for new and existing users. The behaviors described in this section are system defaults and cannot be configured by your CX Audience Account Administrators.

Standard user login

Anyone in your organization who needs to use CX Audience must have a user login. Account Administrators create users in the system. After a user is created, the user receives an email with their username and a temporary password.

  • On the first login, the user must reset their password to one that meets the password requirements.
  • Each time a user logs from an unknown device, CX Audience prompts users to request a verification code to activate the device. Activation helps reduce the risk of security issues related to login. The system sends the validation code to the user's email address, which is part of their user profile.
  • Users who forget their passwords can click the Can't Sign In? link on the login page and request that the system reset the password for their login ID.
  • Account Administrators can also manually trigger the reset of a user's password. The user will be emailed a link to the Reset Password page.

Users with the Account Administrator role perform all user management tasks for CX Audience users.

Learn more about Account settings, User management, and User settings.

Password and login security configuration

CX Audience offers you various protections to secure user access to CX Audience and help prevent unauthorized access. Using CX Audience security configurations, you can:

  • Manage the password requirements.
  • Manage login security such as idle session timeout and user lockout policies.
  • Optionally, further restrict user access by allowlisting IP addresses.

User password requirements

CX Audience Account Administrators can modify the default CX Audience user password requirements to match your organization's policies. Your organization can configure the following requirements:

  • Minimum password length (no fewer than 6 characters)
  • Require at least one lowercase letter
  • Require at least one uppercase letter
  • Require at least one number
  • Require at least one of the following characters: !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
  • Require that the first and last characters must be non-numeric
  • Require that the password must not be the user name or user name in reverse

Oracle recommends that your user password requirements are equal to or greater than the strength of the system defaults.

Password reset

The Account Administrator can reset a user's password. When the password is reset, the user receives an email requesting them to change their password immediately. The link expires 2 hours after it is sent. Learn more about Account settings.

User lockout after multiple failed logins

CX Audience locks a user out of the system after 5 unsuccessful login attempts. The user will be able to log in again with the correct user name and password after the specified lockout time.

You can specify how long before a locked user can be unlocked. The default lockout time is 60 minutes. Alternatively, you can set a custom time or require that only an account administrator can unlock the user.

Oracle recommends that your user lockout time is equal to or greater than the strength of the system defaults. Learn more about Account settings.

Manual user lockout

If you need to block a user's access to the system, the CX Audience Account Administrator can edit the user's profile and set the Status to Suspended. Suspended users cannot log in to the system. Learn more about User management.

Idle session timeout

You can set the maximum number of minutes after which CX Audience logs out inactive users (that is, session timeout). You can choose a session timeout of 15 minutes, 30 minutes, or 60 minutes. Learn more about Account settings.

IP allowlist

You can restrict CX Audience login access based on a range of authorized login IP addresses. Any login attempts initiated outside of your authorized range are immediately denied. This type of restriction can help protect access from unauthorized users.

To access the IP whitelist, select IP login restrictions from the Account management page. Learn more about Authorizing Login IP addresses.