6Personally Identifiable Information

This chapter contains the following:

How You Protect Personally Identifiable Information

The data or information that's used to uniquely identify a contact, or locate a person is called personally identifiable information (PII), such as social security number, addresses, bank account numbers, phone numbers, and so on. This information is considered confidential and sensitive, and must be protected to prevent unauthorized use of personal information for the purposes of legal regulation, financial liability, and personal reputation. For example, only authorized users must be allowed access to the social security numbers of people stored in a system.

In Oracle Applications Cloud, the PII data is secured and can be accessed only by the following job roles with the exception of mobile phone data:

  • Sales Administrator

  • Enterprise Scheduler Job Application Identity for CRM

  • Oracle Data Integrator Application Identity for CRM

  • Web Services Application Identity for CRM

Mobile phone data is accessible to all seeded job roles. However, if access to mobile phone data is needed for custom job roles, the IT Security Manager must assign the required PII data policies to the custom job role in the Security Console. The IT Security Manager can also add data policies for other PII data to seeded job roles.

The following table lists the PII attributes that are secured in Oracle Applications Cloud.

Note: You can search privileges in Security Console using the Privilege Titles listed in the following table.
PII Attribute Table Name Privilege Title

Taxpayer Identification Number (Social Security Number)

HZ_PERSON_PROFILES

View Trading Community Person Social Security

Taxpayer Identification Number (Social Security Number)

HZ_PERSON_PROFILES

Manage Trading Community Person Social Security

Citizenship Number

HZ_CITIZENSHIP

View Trading Community Person Citizenship Number

Citizenship Number

HZ_CITIZENSHIP

Manage Trading Community Person Citizenship Number

Home Address

HOME Address is identified by party site use defined in SITE_USE_TYPE field of the HZ_PARTY_SITE_USES table

View Trading Community Person Address

Home Address

HOME Address is identified by party site use defined in SITE_USE_TYPE field of the HZ_PARTY_SITE_USES table

Manage Trading Community Person Address

Home Phone

HZ_CONTACT_POINTS rows with contact_point_purpose value PERSONAL

View Trading Community Person Contact

Home Phone

HZ_CONTACT_POINTS rows with contact_point_purpose value PERSONAL

Manage Trading Community Person Contact

Mobile Phone

HZ_CONTACT_POINTS rows with phone_type or phone_line_type value MOBILE

View Trading Community Person Mobile Phone Number

Mobile Phone

HZ_CONTACT_POINTS rows with phone_type or phone_line_type value MOBILE

Manage Trading Community Person Mobile Phone Number

Home Email

HZ_CONTACT_POINTS rows with contact_point_purpose value PERSONAL

View Trading Community Person Contact

Home Email

HZ_CONTACT_POINTS rows with contact_point_purpose value PERSONAL

Manage Trading Community Person Contact

Additional Identifiers

All rows that belong to PERSON party in HZ_ADDTNL_PARTY_IDS

View Trading Community Person Additional Identifier

Additional Identifiers

All rows that belong to PERSON party in HZ_ADDTNL_PARTY_IDS

Manage Trading Community Person Additional Identifier

How You Work with Protected Information

In Oracle Cloud applications, your access to protected information depends on your job role. In case you don't have access to the information you need to work with, contact the IT security manager for the necessary privileges.

Securing and protecting customer information against data breaches, data theft, or unauthorized access is an increasing concern in any enterprise. To address this issue, Oracle Applications Cloud provides restricted access to information that's considered private to an individual, also known as Personally Identifiable Information (PII).

PII is any information that uniquely identifies an individual, such as personal phone number, personal email address, personal address, citizenship number, or Social Security Number (SSN). You can use PII data to uniquely identify, contact, or locate an individual, or you can use it with other sources to uniquely identify a person. For example, a SSN uniquely and directly identifies an individual, whereas a telephone area code identifies a set of people.

The attributes that are identified as PII are as follows:

  • Home Address

  • Home Phone Number

  • Personal Email Address

  • Taxpayer Identification Number (Social Security Number)

In Oracle Applications Cloud, access to the PII data is restricted to a set of job roles. If you need to work with PII data for business purposes, then contact the IT security manager for the necessary privileges.

Manage Personally Identifiable Information

As a setup user, you can manage PII information in Oracle Applications Cloud.

In this example, you will add or update personally identifiable information (PII) data for your contacts. Before you can add or update the PII data, you must expose the PII attributes from Application Composer in an active sandbox.

Activate a Sandbox

  1. Sign in as a setup user such as Sales Administrator.

  2. From the Administration group in the Settings and Actions menu, select Manage Sandboxes.

  3. Click Actions and then click New.

  4. Enter a name in the Sandbox Name field.

  5. Click Save and Close.

  6. In the Confirmation dialog box, click OK.

  7. In the Manage Sandboxes dialog box, select the sandbox you just created and click the Set as Active button.

Expose PII Attributes from Application Composer

The Taxpayer Identification Number and Home Phone PII attributes can be exposed from the Application Composer.

  1. Navigate to Application Composer.

  2. From the Objects View, select Standard Objects, Contact, and then Pages. Ensure Simplified Pages is selected.

  3. To add the Taxpayer Identification Number and Home Phone PII attributes to the Create Contact page:

    1. In the Create Contact section, select Standard Layout and click the Edit icon.

    2. In the Create Contact region, click the Edit icon.

    3. Move the Taxpayer Identification Number and Home Phone PII attributes from the Available Fields list to the Selected Fields list to add to the Create Contact page.

    4. Click Save and Close.

    5. Click Done.

  4. To add the Taxpayer Identification Number and Home Phone PII attributes to the Edit Contact page:

    1. In the Edit Contact section, select Standard Layout and click the Edit icon.

    2. Click the Profile tab to add the custom field.

    3. In the Summary region, click the Edit icon.

    4. Move the Taxpayer Identification Number and Home Phone PII attributes from the Available Fields list to the Selected Fields list to add to the Edit Contact page.

    5. Click Save and Close.

    6. Click Done

Add and Update PII Data

  1. Navigate to Contacts .

  2. In the Contacts page, enter the name of the contact and click the Search icon.

  3. In the Edit Contact page of the contact, click the Profile tab.

  4. Enter the PII data such as the Taxpayer Identification Number and Home Phone, and click Save and Close.

  5. In the Contacts page, click the Create Contact button.

    Note: You can proceed to create a contact or click Cancel to exit without saving.

Publish the Sandbox

You can publish a sandbox after you have tested and verified that the modifications done in that sandbox are ready to be moved to the mainline metadata.

  1. Select a sandbox link that appears on the page and click the More link.

  2. In the Sandbox Details dialog box, click the Publish button.

  3. Click Yes in the Publish confirmation message box.

  4. Close the Manage Sandboxes dialog box.

  5. From the Settings and Actions menu, click Sign Out.

Assign PII Privileges Using Security Console

As an IT Security Manager, you can create a custom job role and assign data policies required to access PII information. Perform the following steps to create a custom role and assign PII privileges to the custom role.

In this example, as an IT Security Manager, you will create a custom job role based on the existing Sales Representative role and assign PII privileges to access the Social Security data. After this, you must assign the custom job role to the users you want to assign PII privileges. For more information on assigning job roles to users, see the Oracle CX Securing CX Sales and B2B Service guide.

Assign Job Roles

  1. From the Navigator, click Tools - Security Console.

  2. On the Security Console, ensure that Expand Toward is set to Privileges.

  3. Enter sales representative in the Search field and select the Job Role in the results.

  4. In the Search Results, click the actions button and select Copy Role.

  5. In the Copy Options window, select Copy top role and click Copy Role. The Copy Role page is displayed.

  6. In the Basic Information page, enter the Role name and Role Code such as Sales Representative Custom PII and ZBS_SALES_REPRESENTATIVE_JOB_CUSTOM_PII.

  7. Click Next.

  8. Click Next.

  9. In the Data Security Policies page, you must create four data security policies with the details provided in the following table. To create a data security policy, click Create Data Security Policy.

    Policy Name Database Resource Data Set

    Grant on Trading Community Party.

    This lets you view and read all Social Security information.

    Trading Community Party.

    Select All Values from the Data Set list. In the Actions list, select View Trading Community Person Social Security.

    Grant on Trading Community Party.

    This lets you manage all Social Security information.

    Trading Community Party.

    Select All Values from the Data Set list. In the Actions list, select Manage Trading Community Person Social Security.

    Note: You don't have to create separate data security policies for View and Manage Trading Community Person Social Security privileges. You can create one data security policy for these two privileges or all PII privileges. You can't combine these two PII privileges and add them to data security policies that were created for other privileges. You must create PII privileges as separate data security policies.

  10. Click Next.

  11. Click Next.

  12. Click Next.

  13. In the Summary and Impact Report page, click Save and Close.