4 About data privacy

Oracle Monetization Cloud supports data privacy for all personal data by implementing data encryption, data masking, and data purging. We also encourage best practices, such as obtaining consent to collect and store personal data and implementing role-based access for applications that expose personal data.

About personal data

Personal data that needs to be protected can come from your customers and your employees.

Customer personal data includes:

  • Financial information: Credit and debit card information, bank account information, and tax exemption certificate numbers

  • Contact information: Names, phone numbers, physical addresses, email addresses, IP addresses, preferred languages or locales, and time zones

  • Credentials: User names, passwords, security hints, and security answers

  • Bill information: Invoice numbers, bill amounts, bill details, and bill history

Employee personal data includes:

  • Information required for setting up accounts: User names, passwords, security hints, and answers

  • Additional, optional information: Employee IDs, job titles, and job descriptions

For more information about the categories of personal data, see section 4 of Data Processing Agreement for Oracle Cloud Services, available on the Oracle Cloud Services contracts page:

http://www.oracle.com/us/corporate/contracts/cloud-services/index.html

Obtaining consent

Before collecting personal data from customers, your CSRs must obtain verbal consent to collect and store the information. You're responsible for training your CSRs to do this.

Encrypting data

Personal data is automatically encrypted as follows:

  • Oracle Monetization Cloud applications encrypt password and credit card tokens.

  • Connections between Oracle Monetization Cloud applications and the database are encrypted using Oracle Database Network Encryption.

  • Personal data in the database is encrypted using Oracle Database Transparent Data Encryption (TDE).

Masking data in logs

Oracle Monetization Cloud automatically masks personal data in logs. This prevents users who don't need personal data to do their job, such as a system administrator troubleshooting connection issues, from seeing it. The users who do need to see this data, such as CSRs, can still see it in Subscriber Management.
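The masking described above is performed by the service itself, and this page does not describe its rules. The following is an added illustration, not Oracle's code, of what log masking of the personal-data categories listed earlier (contact details, card data, credentials) looks like in practice, together with a check that a masked line contains no residual matches. The log format, field names and sample values are constructed for the example; a Luhn check is used so that ordinary numeric identifiers are not mistaken for card numbers.

```python
import re

# Constructed sample log lines (not from Oracle Monetization Cloud); the
# key=value layout is an assumption made for this example.
SAMPLE_LOG = [
    "2024-03-01 10:15:02 INFO  account created login=jdoe email=jane.doe@example.com phone=+1-555-010-2233",
    "2024-03-01 10:15:03 DEBUG payment token request card=4111111111111111 exp=12/27",
    "2024-03-01 10:15:04 WARN  db connection retry host=db01 attempt=3 id=1234567890",
    "2024-03-01 10:16:00 INFO  login attempt user=jdoe password=Hunter2! answer=fluffy",
]

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# 13-19 digits, optionally separated by spaces or dashes: a candidate card number
PAN_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
PHONE_RE = re.compile(r"\+?\d{1,3}[-. ]?\d{3}[-. ]?\d{3}[-. ]?\d{4}")
# Credential-like fields; the value class excludes '*' so already-masked
# values are not reported again by has_unmasked_pii().
SECRET_KV_RE = re.compile(r"\b(password|passwd|secret|answer)=([^\s*]+)", re.IGNORECASE)


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def _mask_pan(m: re.Match) -> str:
    raw = m.group(0)
    digits = re.sub(r"\D", "", raw)
    if not luhn_ok(digits):
        return raw  # keep non-card numeric ids (e.g. event ids) readable
    return "*" * (len(digits) - 4) + digits[-4:]


def mask_line(line: str) -> str:
    """Mask credentials, emails, card numbers and phone numbers in one log line."""
    line = SECRET_KV_RE.sub(lambda m: f"{m.group(1)}=***", line)
    line = EMAIL_RE.sub(lambda m: m.group(0)[0] + "***@" + m.group(0).split("@")[1], line)
    # Card numbers are masked before phone numbers so that the phone pattern
    # cannot consume the leading digits of a PAN.
    line = PAN_RE.sub(_mask_pan, line)
    line = PHONE_RE.sub(lambda m: "***-" + re.sub(r"\D", "", m.group(0))[-4:], line)
    return line


def mask_log(lines):
    return [mask_line(l) for l in lines]


def has_unmasked_pii(line: str) -> bool:
    """Control check: does anything that looks like personal data survive masking?"""
    if SECRET_KV_RE.search(line) or EMAIL_RE.search(line) or PHONE_RE.search(line):
        return True
    return any(luhn_ok(re.sub(r"\D", "", m.group(0))) for m in PAN_RE.finditer(line))


if __name__ == "__main__":
    for original, masked in zip(SAMPLE_LOG, mask_log(SAMPLE_LOG)):
        print(masked, "| residual PII:", has_unmasked_pii(masked))
```

The separate `has_unmasked_pii` check is the part worth keeping in a deployment: running it over a sample of the masked output is a cheap detection control for fields that a new log statement has started emitting without going through the masking rules.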

Purging data

Oracle Monetization Cloud automatically purges old events that contain personal data after a retention period of 12 months. By default, closed accounts are also deleted 12 months after closing. This permanently deletes the account and all personal data associated with it.
Use Data Privacy in System Configuration to adjust the retention period for old events and closed accounts. Enter the number of months to retain the data. You should keep as little personal data as possible for the minimum time necessary.

Note:

You're responsible for purging personal data from your payment and taxation gateways and any other external systems. Oracle Monetization Cloud doesn't inform the gateways that data needs to be removed.

You can also immediately remove customer personal data on demand by using a SOAP client to call the pcmOpCustDeletePersonalData operation of the BRMCustService_v2 web service. See Oracle Monetization Cloud Integration Guide for information about using the SOAP web services and Oracle Monetization Cloud SOAP API Reference for information about this operation.
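The retention schedule above (events purged after a retention period, closed accounts deleted a configurable number of months after closing) is applied by the service; the page gives no detail of the calculation. As an added example that is not Oracle's code, the function below computes which records fall past a retention period expressed in months, with the month-end edge case handled (a cutoff computed from the 31st lands on the last day of a shorter month). The record types and sample dates are constructed for the illustration.

```python
import calendar
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass
class Event:            # constructed record type for this example
    event_id: str
    created: date


@dataclass
class Account:          # constructed record type for this example
    account_no: str
    closed: Optional[date]   # None means the account is still open


def months_before(d: date, months: int) -> date:
    """Same day-of-month `months` earlier, clamped to that month's last day."""
    if months < 1:
        raise ValueError("retention period must be at least one month")
    y, m0 = divmod((d.year * 12 + d.month - 1) - months, 12)
    m = m0 + 1
    last_day = calendar.monthrange(y, m)[1]
    return date(y, m, min(d.day, last_day))


def purge_candidates(today, events, accounts,
                     event_retention_months=12, account_retention_months=12):
    """Return (event ids, account numbers) whose retention period has elapsed."""
    event_cutoff = months_before(today, event_retention_months)
    account_cutoff = months_before(today, account_retention_months)
    stale_events = [e.event_id for e in events if e.created <= event_cutoff]
    stale_accounts = [a.account_no for a in accounts
                      if a.closed is not None and a.closed <= account_cutoff]
    return stale_events, stale_accounts


# Constructed sample data.
EVENTS = [
    Event("ev-1", date(2022, 12, 15)),
    Event("ev-2", date(2023, 3, 31)),
    Event("ev-3", date(2023, 4, 1)),
]
ACCOUNTS = [
    Account("acct-1", date(2023, 2, 1)),
    Account("acct-2", date(2023, 6, 30)),
    Account("acct-3", None),
]

if __name__ == "__main__":
    print(purge_candidates(date(2024, 3, 31), EVENTS, ACCOUNTS))
```

Whatever performs the deletion, the list of purge candidates is also the list to reconcile against the payment and taxation gateways, since those systems are not notified by Oracle Monetization Cloud and hold their own copies.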

About the flow of personal data

Personal data flows securely into and out of Oracle Monetization Cloud at several points, illustrated by this graphic.

Customer data flow

  1. After getting consent from the customer, your CSR records personal data while creating the account and subscribing the customer to services. Your system sends any credit or debit card details to your payment provider in exchange for payment tokens.

    Alternatively, a customer could enter information into your customer portal, which you have configured to call the Oracle Monetization Cloud SOAP API. For credit and debit card payment methods, the payload also includes the tokenized credit or debit card data from your system.

  2. From the web browser or the SOAP API call, the personal data and payment tokens pass through the Oracle firewall and load balancers into the Oracle Monetization Cloud web server.

  3. The web server sends the data to the appropriate application servers.

  4. The application server sends subscriber registration and payment processing data out of Oracle Monetization Cloud to the payment gateway using a REST API.

  5. The payment gateway validates the subscribers.

  6. The application server passes the personal data and tokens through Network Encryption to the database server.

  7. The database server stores the data securely using TDE.

  8. The encrypted data is backed up periodically in case you need to restore a corrupt database.

  9. Only users with the appropriate authorization can access the personal data from the database.

Employee data flow

  1. Using a web browser, your system administrator logs in to Oracle Monetization Cloud with the credentials that allow access to Oracle Identity Cloud Service.

  2. The system administrator creates and manages users for the people in your organization, creating user names and passwords for them and entering any optional personal data, such as employee numbers or job titles.

  3. The personal data and credentials pass through the Oracle firewall and load balancers into the Oracle Monetization Cloud web server.

  4. The web server sends the data to the Oracle Identity Cloud Service server to set up user authentication.

  5. Using a web browser, your employees sign in to Oracle Monetization Cloud using their new credentials.

  6. The credentials pass through the Oracle firewall and load balancers into the Oracle Monetization Cloud web server.

  7. The web server sends the credentials to the Oracle Identity Cloud Service server for authentication.

  8. After authentication, the Oracle Identity Cloud Service server sends the employee to the application server that their role authorizes them to use. For example, employees with a CSR role can access Subscriber Management.

Usage data flow

Usage data flows from your authorized HTTP client into the Oracle Monetization Cloud document store. The HTTP client must be registered as an OAuth application within Oracle Monetization Cloud.

Usage data flows as follows:

  1. Your system records customer usage data in usage files, then uploads them to the Oracle Monetization Cloud document store.

  2. The document store sends the usage files to the appropriate application server for processing.

  3. The application server processes the usage data and updates the usage files with success or failure messages, then passes the processed usage data through Network Encryption to the database server.

  4. The database server stores the data securely using TDE.

  5. The encrypted data is backed up periodically in case you need to restore a corrupt database.

  6. Authorized users can access the updated usage files in the document store using an authorized HTTP client and purge them after they're no longer useful.

Invoice data flow

Invoice data is generated on the Oracle Monetization Cloud application server and stored as PDF or XML files in the Oracle Monetization Cloud document store. Use an authorized HTTP client to download files for review or for distribution to your customers.

Oracle administrator access

Occasionally, an Oracle database or system administrator may need to access your cloud system to perform maintenance or upgrades. This access is controlled by strict user roles and multi-factor authentication managed through Oracle Privileged Account Manager, and secured through Oracle firewalls, bastion hosts, and VPN clients. All Oracle employee activity in your system is logged and tracked.