A General Privacy and Security Information
This appendix describes data privacy and security.
Privacy by Design
To support data privacy requirements, retail applications provide a data privacy web service interface and a command line tool. These give retailers services for requesting access to personal information for review and for forgetting or updating that personal information on request.
Following are examples of personal information:
- Full Name
- Home address
- Email address
- Date of birth
The following features are provided by RI for using the data privacy command line tool:
- Right to Access (RTA): Retailers can accept and respond to end-user requests for data access, correction, and deletion of individual end-user data records they store in the Oracle service.
- Right to be Forgotten (RTF): To support an end-user's right to request that personal information be forgotten or updated, retailers can delete or update (mask) an end-user's personal data during the service period. Certain data that is critical for the business or that is part of a legal requirement may not be deleted.
Data Minimization
RI uses the database role, enterprise role, and application role to control who has access to data. Through the front-end, RI provides default enterprise roles based on the corresponding application roles provided by RI. Users assigned to a specific enterprise role can only access a specific function area. See Administrative Tasks for details. At the database level, different database roles are assigned to different types of users. The front-end user role only has read permission for RI data. The batch user role has read, insert, update, and delete permissions for RI data.
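The privilege split described above (a read-only front-end role beside a batch role with full DML) can be expressed and verified with standard Oracle grants. The following is an added example, not an RI installation script; the schema name RI_OWNER, the role names RI_FRONTEND_ROLE and RI_BATCH_ROLE, and the user names RI_UI_USER and RI_BATCH_USER are placeholders, and W_PARTY_PER_D is used because it is the only RI table named on this page.

```sql
-- Added example (not RI's own script). Placeholder names: RI_OWNER,
-- RI_FRONTEND_ROLE, RI_BATCH_ROLE, RI_UI_USER, RI_BATCH_USER.

-- One role per type of user, as the appendix describes.
CREATE ROLE ri_frontend_role;
CREATE ROLE ri_batch_role;

-- Front-end users only read RI data.
GRANT SELECT ON ri_owner.w_party_per_d TO ri_frontend_role;

-- The batch user loads and purges data, so it needs full DML.
GRANT SELECT, INSERT, UPDATE, DELETE ON ri_owner.w_party_per_d TO ri_batch_role;

-- Assign the roles to the accounts that actually connect.
GRANT ri_frontend_role TO ri_ui_user;
GRANT ri_batch_role    TO ri_batch_user;

-- Verification: this query must return no rows. Any row means a DML
-- privilege has leaked to the read-only role and least privilege is broken.
SELECT grantee, table_name, privilege
  FROM dba_tab_privs
 WHERE grantee = 'RI_FRONTEND_ROLE'
   AND privilege IN ('INSERT', 'UPDATE', 'DELETE');

-- Verification: confirm which accounts hold the batch role.
SELECT grantee
  FROM dba_role_privs
 WHERE granted_role = 'RI_BATCH_ROLE';
```

In a real deployment the grants would cover every RI table, typically generated from DBA_TABLES for the RI schema; the two verification queries are the part worth running periodically, because a role that was read-only at install time can be widened by later maintenance.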
In a future release, RI will provide customers with controls and tools to configure data purging based on certain criteria, in order to minimize the amount of data used and the length of storage.
Data Deletion
RI is a Business Intelligence system that stores the customer-centric/ merchandising data for a specified time limit only, as this is required for making business decisions. When data reaches the threshold, it is deleted from the system.
Customers will have access to controls to configure data purging in a future release of RI.
Right to Access / Right to Forget
RI provides a web service interface (file RetailAppsDataPrivServices-7.0.1-RetailAppsDataPrivServices.ear) for right to access and right to forget. The service provides a REST call to return end-user information based on a provided key and provides a REST call to forget the end-user based on a provided key. The feature is also available on the command line by using the jar file RetailAppsDataPrivServices-7.0.1-RetailAppsDataPrivTool.jar.
RI provides three groups (type_id) for right to access and right to forget:
- CustomerRecord: By providing the customer number as a key, the end user can access or forget the PII data for the customer, customer address, and history sales information related to this customer.
- Employee: By providing the employee number as a key, the end user can access or forget the PII data for the employee.
- Supplier: By providing the primary contact name as a key, the end user can access or forget the supplier contact name and supplier contact phone number information.
Data Portability
RI provides the capability for the end users to export the downloaded report to transmit data to another controller.
Encryption
RI uses Oracle Transparent Data Encryption (TDE) tablespace encryption to encrypt entire RI tablespaces.
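TDE tablespace encryption is configured on the tablespace, not on individual columns, so every table and index placed in it is encrypted at rest. The following is an added example of how such a tablespace is created and checked; it is not RI's installer script. The tablespace name RI_DATA_ENC, the datafile path and the keystore password are placeholders, and the statements assume an Oracle keystore has already been created and a TDE master encryption key set.

```sql
-- Added example (not RI's own script). Placeholders: RI_DATA_ENC,
-- the datafile path and the keystore password.

-- Precondition: the keystore must be open so the database can use the
-- master key that wraps the tablespace key.
ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN
  IDENTIFIED BY "<keystore-password-placeholder>";

-- New tablespace whose datafiles are encrypted with AES-256.
-- DEFAULT STORAGE (ENCRYPT) makes every segment created here encrypted.
CREATE TABLESPACE ri_data_enc
  DATAFILE '/u01/oradata/ri/ri_data_enc01.dbf' SIZE 1G AUTOEXTEND ON
  ENCRYPTION USING 'AES256'
  DEFAULT STORAGE (ENCRYPT);

-- Verification: list every tablespace that is actually encrypted and
-- with which algorithm. An RI tablespace missing from this result is
-- stored in clear text on disk.
SELECT t.name, e.encryptionalg, e.encryptedts
  FROM v$tablespace t
  JOIN v$encrypted_tablespaces e ON e.ts# = t.ts#
 ORDER BY t.name;
```

Encryption at rest only protects datafiles, backups and exports of those files; it does not stop a user who holds SELECT on the table from reading the data through the database, which is why the appendix pairs TDE with role-based access and data redaction.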
Data Masking
Oracle Data Redaction is used for RI data masking. A data redaction policy has been created in RI on columns W_PARTY_PER_D.ETHNICITY_NAME and W_PARTY_PER_D.ETHNICITY_CODE. Only users who are granted EXEMPT REDACTION POLICY can view the data. Out of the box, only the RI batch user is granted EXEMPT REDACTION POLICY.
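The policy described above can be reproduced and audited with the DBMS_REDACT package. The following is an added example, not the policy definition shipped with RI: the schema name RI_OWNER, the policy name and the user name RI_BATCH_USER are placeholders, while the table and column names are the ones the appendix states. Full redaction is assumed because the appendix says non-exempt users cannot view the data at all.

```sql
-- Added example (not RI's shipped policy). Placeholders: RI_OWNER,
-- W_PARTY_PER_D_ETHNICITY_REDACT, RI_BATCH_USER.

BEGIN
  -- Create the policy on the first column. FULL redaction returns a
  -- single space for VARCHAR2 columns; expression '1=1' applies it to
  -- every query that is not exempt.
  DBMS_REDACT.ADD_POLICY(
    object_schema => 'RI_OWNER',
    object_name   => 'W_PARTY_PER_D',
    policy_name   => 'W_PARTY_PER_D_ETHNICITY_REDACT',
    column_name   => 'ETHNICITY_NAME',
    function_type => DBMS_REDACT.FULL,
    expression    => '1=1');

  -- Add the second column to the same policy (one policy per table).
  DBMS_REDACT.ALTER_POLICY(
    object_schema => 'RI_OWNER',
    object_name   => 'W_PARTY_PER_D',
    policy_name   => 'W_PARTY_PER_D_ETHNICITY_REDACT',
    action        => DBMS_REDACT.ADD_COLUMN,
    column_name   => 'ETHNICITY_CODE',
    function_type => DBMS_REDACT.FULL);
END;
/

-- Only the batch user bypasses redaction, as the appendix states.
GRANT EXEMPT REDACTION POLICY TO ri_batch_user;

-- Verification 1: the policy exists and is enabled.
SELECT object_owner, object_name, policy_name, enable
  FROM redaction_policies
 WHERE object_name = 'W_PARTY_PER_D';

-- Verification 2: both columns are covered by FULL redaction.
SELECT column_name, function_type
  FROM redaction_columns
 WHERE object_name = 'W_PARTY_PER_D'
 ORDER BY column_name;

-- Verification 3: who can see the clear-text values. Every grantee
-- other than the batch user is an exception that needs a justification.
SELECT grantee
  FROM dba_sys_privs
 WHERE privilege = 'EXEMPT REDACTION POLICY';
```

Redaction is applied to query results, not to storage, so it does not protect the data on disk (TDE does that) and it does not prevent an exempt account from reading or exporting the values; the third query is the one to run regularly, because EXEMPT REDACTION POLICY is a system privilege and any later grant of it silently widens who can see the masked columns.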