A General Privacy and Security Information

This appendix describes data privacy and security.

Privacy by Design

To support data privacy enhancements, retail applications provide a data privacy web service interface and a command line tool that give retailers services for requesting access to personal information for review and, if requested, for forgetting or updating that personal information.

Following are examples of personal information:

  • Full Name

  • Home address

  • Email address

  • Date of birth

RI provides the following features for use with the data privacy command line tool:

  • Right to Access (RTA)

    Retailers can accept and respond to end-user requests for data access, correction, and deletion of individual end-user data records they store in the Oracle service.

  • Right to be Forgotten (RTF)

    To support an end-user's right to request that personal information be forgotten or updated, retailers can delete or update (mask) an end-user's personal data during the service period. Certain data that is critical to the business or that is part of a legal requirement may not be deleted.

Data Minimization

RI uses database roles, enterprise roles, and application roles to control who has access to data. Through the front end, RI provides default enterprise roles based on the corresponding application roles that RI provides. Users assigned to a specific enterprise role can access only a specific functional area. See Administrative Tasks for details. At the database level, different database roles are assigned to different types of users. The front-end user role has only read permission on RI data. The batch user role has read, insert, update, and delete permissions on RI data.
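The role split described above, as an added example (not RI's own grant scripts): a read-only front-end role and a read/write batch role on one RI table, followed by two checks a DBA can run to detect privilege drift. The schema RI_SCHEMA, the roles RI_FRONTEND_ROLE and RI_BATCH_ROLE, and the users RI_APP_USER and RI_BATCH_USER are assumed names; W_PARTY_PER_D is the table named later in this appendix.

```sql
-- Added example, not RI's own scripts. Names other than W_PARTY_PER_D are
-- hypothetical placeholders for the RI schema, roles and users.

CREATE ROLE ri_frontend_role;
CREATE ROLE ri_batch_role;

-- Front-end users may only read RI data.
GRANT SELECT ON ri_schema.w_party_per_d TO ri_frontend_role;

-- The batch user loads and purges data, so it needs full DML.
GRANT SELECT, INSERT, UPDATE, DELETE ON ri_schema.w_party_per_d TO ri_batch_role;

GRANT ri_frontend_role TO ri_app_user;
GRANT ri_batch_role    TO ri_batch_user;

-- Check 1: who holds write privileges on RI tables? Any grantee other than
-- the batch role here is privilege drift that should be explained or revoked.
SELECT grantee, table_name, privilege
  FROM dba_tab_privs
 WHERE owner = 'RI_SCHEMA'
   AND privilege IN ('INSERT', 'UPDATE', 'DELETE')
   AND grantee <> 'RI_BATCH_ROLE'
 ORDER BY grantee, table_name, privilege;

-- Check 2: direct object grants to a user (rather than to a role) bypass the
-- role model and are easy to forget; list them so they can be reviewed.
SELECT tp.grantee, tp.table_name, tp.privilege
  FROM dba_tab_privs tp
 WHERE tp.owner = 'RI_SCHEMA'
   AND EXISTS (SELECT 1 FROM dba_users u WHERE u.username = tp.grantee)
 ORDER BY tp.grantee, tp.table_name;
```

Run the two checks from a DBA account on a schedule; an empty result from each is the expected state.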

In a future release, RI will provide customers with controls and tools to configure data purging based on certain criteria in order to minimize the amount of data used and the length of storage.

Data Deletion

RI is a Business Intelligence system that stores customer-centric/merchandising data only for a specified time limit, as this is required for making business decisions. When data reaches the threshold, it is deleted from the system.

Customers will have access to controls to configure data purging in a future release of RI.

Right to Access / Right to Forget

RI provides a web service interface (file RetailAppsDataPrivServices-7.0.1-RetailAppsDataPrivServices.ear) for right to access and right to forget. The service provides a REST call to return end-user information based on a provided key and provides a REST call to forget the end-user based on a provided key. The feature is also available on the command line by using the jar file RetailAppsDataPrivServices-7.0.1-RetailAppsDataPrivTool.jar.

RI provides three groups (type_id) for right to access and right to forget.

  • CustomerRecord

    By providing the customer number as a key, the end user can access or forget the PII data for the customer, the customer address, and the sales history related to this customer.

  • Employee

    By providing the employee number as a key, the end user can access or forget the PII data for the employee.

  • Supplier

    By providing the primary contact name as a key, the end user can access or forget the supplier contact name and supplier contact phone number information.
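What a "forget" (mask) request for the CustomerRecord group might do on the database side, as an added example that is not the RI data privacy tool's own code. The tables RI_CUSTOMER, RI_CUSTOMER_ADDR and RI_PRIVACY_REQUEST_LOG and their columns are hypothetical; :customer_num stands for the key supplied with the request. The point it shows is the one the appendix makes: PII is masked, but the key and the sales history tied to it are retained.

```sql
-- Added example, not the RI tool's code. All tables and columns below are
-- hypothetical; :customer_num is a bind variable holding the request key.

-- Mask the PII columns but keep the row and its key, so sales history that
-- references the customer stays referentially intact.
UPDATE ri_customer
   SET full_name     = 'REDACTED',
       email_address = NULL,
       birth_date    = NULL
 WHERE customer_num = :customer_num;

UPDATE ri_customer_addr
   SET address_line1 = NULL,
       address_line2 = NULL,
       city          = NULL,
       postal_code   = NULL
 WHERE customer_num = :customer_num;

-- Record that the request was honoured, without storing the PII again.
INSERT INTO ri_privacy_request_log (request_type, type_id, key_value, processed_at)
VALUES ('RTF', 'CustomerRecord', :customer_num, SYSTIMESTAMP);

COMMIT;

-- Verification: no PII should remain for this key (expect zero rows).
SELECT customer_num
  FROM ri_customer
 WHERE customer_num = :customer_num
   AND (email_address IS NOT NULL
        OR birth_date IS NOT NULL
        OR full_name <> 'REDACTED');
```

Masking rather than deleting is what lets the sales facts survive the request; the log row records the action without re-introducing the personal data it removed.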

Data Portability

RI lets end users export a downloaded report in order to transmit data to another controller.

Encryption

RI uses Oracle Transparent Data Encryption (TDE) tablespace encryption to encrypt entire RI tablespaces.
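Tablespace encryption with TDE, as an added example (not RI's own DDL): an unencrypted tablespace beside its encrypted form, and the queries that confirm encryption is actually in effect. The tablespace name RI_DATA, the data file name and the keystore password are placeholders, and the example assumes the TDE keystore (wallet) has already been configured.

```sql
-- Added example, not RI's DDL. RI_DATA, the file name and the keystore
-- password are placeholders; a configured TDE keystore is assumed.

-- The keystore must be open before encrypted tablespaces can be used.
ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN IDENTIFIED BY "<keystore-password>";

-- Weak setting: without ENCRYPTION the data files hold RI data in clear.
-- CREATE TABLESPACE ri_data DATAFILE 'ri_data01.dbf' SIZE 500M;

-- Corrected: encrypt the whole tablespace at creation time.
CREATE TABLESPACE ri_data
  DATAFILE 'ri_data01.dbf' SIZE 500M
  ENCRYPTION USING 'AES256' ENCRYPT;

-- For an existing unencrypted tablespace (Oracle 12.2 and later), encrypt it
-- in place without an outage:
-- ALTER TABLESPACE ri_data ENCRYPTION ONLINE USING 'AES256' ENCRYPT;

-- Check 1: every RI tablespace should report ENCRYPTED = 'YES'.
SELECT tablespace_name, encrypted
  FROM dba_tablespaces
 WHERE tablespace_name LIKE 'RI%';

-- Check 2: confirm the algorithm actually applied to each encrypted tablespace.
SELECT t.name, e.encryptionalg, e.encryptedts
  FROM v$encrypted_tablespaces e
  JOIN v$tablespace t ON t.ts# = e.ts#;

-- Check 3: the keystore status; anything other than OPEN means the encrypted
-- tablespaces are unreadable until it is opened again.
SELECT wrl_type, wallet_type, status
  FROM v$encryption_wallet;
```

TDE protects the data files, backups and exports at rest; it does not restrict what a connected, authorised user can select, which is why the appendix pairs it with the role model and with data redaction.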

Data Masking

Oracle Data Redaction is used for RI data masking. A data redaction policy has been created in RI on the columns W_PARTY_PER_D.ETHNICITY_NAME and W_PARTY_PER_D.ETHNICITY_CODE. Only users who are granted the EXEMPT REDACTION POLICY privilege can view the unredacted data. Out of the box, only the RI batch user is granted EXEMPT REDACTION POLICY.
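How a redaction policy of the kind described above can be defined and verified with the DBMS_REDACT package, as an added example rather than the policy RI ships. RI_SCHEMA is a placeholder for the RI data schema, RI_BATCH_USER for the batch user and RI_ETHNICITY_REDACT for the policy name; the table and columns are the ones named above.

```sql
-- Added example, not the RI-shipped policy. RI_SCHEMA, RI_BATCH_USER and
-- RI_ETHNICITY_REDACT are placeholders; table and columns are from the text.

-- Create the policy on the first column. Expression '1=1' means "always
-- redact"; the object owner and holders of EXEMPT REDACTION POLICY are the
-- only sessions that still see real values.
BEGIN
  DBMS_REDACT.ADD_POLICY(
    object_schema => 'RI_SCHEMA',
    object_name   => 'W_PARTY_PER_D',
    policy_name   => 'RI_ETHNICITY_REDACT',
    column_name   => 'ETHNICITY_NAME',
    function_type => DBMS_REDACT.FULL,   -- character columns redact to a single space
    expression    => '1=1');

  -- A table has at most one policy, so the second column is added to it.
  DBMS_REDACT.ALTER_POLICY(
    object_schema => 'RI_SCHEMA',
    object_name   => 'W_PARTY_PER_D',
    policy_name   => 'RI_ETHNICITY_REDACT',
    action        => DBMS_REDACT.ADD_COLUMN,
    column_name   => 'ETHNICITY_CODE',
    function_type => DBMS_REDACT.FULL,
    expression    => '1=1');
END;
/

-- Only the batch user may see the real values.
GRANT EXEMPT REDACTION POLICY TO ri_batch_user;

-- Check 1: the policy is enabled and covers both columns.
SELECT p.policy_name, p.enable, c.column_name, c.function_type
  FROM redaction_policies p
  JOIN redaction_columns c
    ON c.object_owner = p.object_owner
   AND c.object_name  = p.object_name
 WHERE p.object_owner = 'RI_SCHEMA'
   AND p.object_name  = 'W_PARTY_PER_D';

-- Check 2: who is exempt? Any grantee beyond the batch user needs a reason.
SELECT grantee
  FROM dba_sys_privs
 WHERE privilege = 'EXEMPT REDACTION POLICY';
```

Redaction changes only what a query returns; the stored values are untouched, and a user with ad hoc SQL access can still narrow them down through WHERE clauses on the redacted columns. It is therefore a control for application-level display, complementing the role grants and TDE rather than replacing them, and the second check is worth running after every privilege review.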