GDPR: Protect Personally Identifiable Information

To help your organization protect the personally identifiable information (PII) of resources, cappm includes data protection features. The availability of these new features coincides with the May 2018 General Data Protection Regulation (GDPR) in the European Union. GDPR is also included in the United Kingdom Data Protection Act. Compliance is required from any international firm with ties to data in the European Union.
ccppmop154
To help your organization protect the personally identifiable information (PII) of resources, 
Clarity PPM
 includes data protection features. The availability of these new features coincides with the May 2018 General Data Protection Regulation (GDPR) in the European Union. GDPR is also included in the United Kingdom Data Protection Act. Compliance is required from any international firm with ties to data in the European Union.
GDPR data protection laws were enacted to provide EU citizens in all member states with greater control over their personal data. Businesses that compromise or misuse personal data are subject to possible fines. To mitigate these risks, including hacking, data breaches, and other cyber threats, 
Clarity PPM
 allows administrators to anonymize (randomize or scramble) specific PII data for inactive resources.
2
 
CAUTION
: This feature permanently protects certain data by scrambling it. For example, the resource named Cheryl Amos is scrambled into ZZZ5000366. Attachments are permanently purged. Access to original data is irretrievably lost. As an administrator, it is your responsibility to make a secure backup, if permitted by your security policies, and to observe all necessary precautions before using this feature.
GDPR: Feature Highlights
gdpr1.jpg
 
c1.png
Installation
: Install the new content items for personally identifiable information (PII) from the PMO Accelerator. Installation is handled for SaaS customers. On-premise customers can decide when to install the content, or to decline.
c2.png
Configuration
: To organize the subset of attributes subject to protection, add any new attributes that you create for resource anonymization to this list. By default, the application is configured to anonymize the following attributes for inactive resources that you select: resource ID, resource full name, resource first name, resource last name, resource email address, and username. The complete list of obfuscated data appears further down this page.
c3.png
New Protected Attributes
: You can create a custom attribute on the
Resource
object in Studio. These optional steps are not new. They are not shown in the image. Click 
Administration
Studio
Objects
and filter the object list to open the 
Resource
 object. For example, create an attribute for the last four digits of a personal ID number or a five-digit pin. Then click
Home
,
Custom Attributes
,
PII Attributes
. Add your new attribute to the
Personally Identifiable Information (PII) Attribute List
page.
c4.png
User Access
: Configure the personal attributes on a page where other authorized users can access them. We recommend that you keep them together for easy access. For example, you want resource managers to edit a personal pin number or to set the
Anonymize Personally Identifiable Information (PII)
check box. In this example, we add the
Anonymize Personally Identifiable Information (PII)
and
PII Last Anonymized Date
to the right-side of the
General
section of the
Resource Settings
page.
c5.png
Manage Protection
: Authorized users, for example resource managers, can select the
Anonymize Personally Identifiable Information (PII)
check box to flag this resource for protection. The next time an administrator runs the
Anonymize Personally Identifable Information (PII)
job, the
Resource Settings
page will show the date in the
PII Last Anonymized Date
field. Unless you plan on anonymizing
all
resources, to apply protections you must clear the
Active
check box. Typically, only
inactive
resources are subject to anonymization.
c6.png
Administration
: The lead system administrator configures the availability of the Anonymize Personally Identifiable Information (PII) job. They answer the following important questions:
Who can run this job?
Can those authorized users anonymize only inactive resources who are flagged for protection?
Can those authorized users anonymize all resources?
Do the data protection policies in place at my organization warrant such use?
To anonymize all resources, the system administrator clears the read-only constraint on the parameter appropriately named
WARNING! Anonymize ALL Resources
. The administrator makes an optional secure backup. Before the job runs, an administrator determines if that instance of the job is going to scramble only the subset of selected inactive resources, or all resources.
c7.png
Administration
: The administrator runs the Anonymize Personally Identifable Information (PII) job with the following check box selected:
Anonymize Only Inactive Resources with Anonymize PII Selected
. The job scrambles
only
the personal attributes of the
inactive
resources that also have their
Anonymize Personally Identifiable Information (PII)
check box selected.
c8.png
Protection
: After all these levels of security, the designated resources show a serialized coded value to protect their original data which is now obfuscated forever. In the example above, two resources continue to show their historic resource manager assignment. However, Cheryl Amos now appears throughout the application as
ZZZ5000366
. If you select one or more new personal attributes to protect, her scrambled data changes to show new serialized values.
Verify that you have backed up all your resource data before you run the Anonymize Personally Identifiable Information (PII) job. When you run this job, the resource data is permanently obfuscated. You cannot undo this operation. CA Support and CA Services personnel cannot help retrieve lost data unless you made a reliable backup. A backup is helpful if you are testing the feature and want to restore data, or you accidentally obfuscated data that you want to restore. However, you might need to encrypt, obfuscate, or purge the backup to comply with your security policies or other regulations.
 
Install the PII Content Items
SaaS users do not have to perform these steps. The content items for on-premise customers are automatically installed in new environments when you install the PMO Accelerator; however, upgrading customers can choose when to perform these steps or to decline.
Follow these steps
:
  1. Log in to 
    Clarity PPM
     as an administrator.
  2. Click 
    Administration
    Studio
    Content Add-ins
  3. Open the 
    Accelerator - Program Management Office
     add-in and click the 
    Items
     tab.
  4. In the 
    Content Item Name
     filter field, enter 
    *pii*
    The following content items appear:
    Anonymize PII - Job
    PII Attribute - Lookup
    PII Attribute Filter View - View
    PII Attribute List View - View
    PII Attribute Object - Object
    PII Attribute Property Views - View
    PII Attributes - Menu
  5. Select all seven items and click 
    Install
    The items show a 
    Status
     of 
    Installed
    .
Add Personally Identifiable Information Setup Fields to a Page Layout
By default, the attributes for anonymization setup and the last run date for the job do not appear in the application. As an administrator, you can control the resource data and setup data; however, we recommend that you organize the setup attributes in one convenient place.
  1. Click 
    Administration
    Studio
    Objects
  2. Filter the object list and open the 
    Resource
     object.
  3. Click the 
    Views
     tab. 
  4. Click 
    [Layout-Edit]
     setup for the 
    Resource Labor
     view.
  5. Choose 
    Settings
    General
     page or, for stronger security, use a secure subpage. 
    : We recommend that you add the personal data attributes to a subpage and set access rights to protect the subpage.
  6. Click the 
    Properties and Layout
     icon.
  7. Add the 
    Anonymize Personally Identifiable Information (PII)
     and 
    PII Last Anonymized Date
     fields.
  8. Click 
    Save and Return
    .
Select the Protected Resources
Advise resource managers and other users with access rights that they can now flag a resource for protection. Seeded admin resources are not anonymized.
  1. Click 
    Home
    Resource Management
    Resources
    .
  2. Open a labor resource. You can anonymize only resources of type
    labor
    .
  3. Click 
    Properties
    Settings
    .
  4. The resource manager can select the 
    Anonymize Personally Identifiable Information (PII) 
    check box to flag this resource for protection. 
  5. Clear the
    Active
    check box. The anonymization job skips active resources unless you specify the 
    WARNING! Anonymize All Resources
    parameter.
  6. The 
    PII Last Anonymized Date
     shows 
    1/1/1900
     by default. 
    After you run the Anonymize Personally Identifable Information (PII) job, the 
    PII Last Anonymized Date
    field displays the date. The 
    Anonymize Personally Identifiable Information (PII) 
    check box is cleared. Clearing the check box allows you to select one or more resources to anonymize in the future without scrambling the existing resources that you already scrambled. 
    : You do not need to mark an inactive resource for anonymization again. After the initial setup, future protection is automatic. For example, you define a new custom resource subobject or attribute with personal data. Add it to the list by clicking
    Home
    Custom Attributes
    PII Attributes
    . The system scrambles that subobject or attribute value for all anonymized resources.
Run the Job to Scramble the Data
As a prerequisite, set up DBLINK. The job fails without DBLINK.
Verify that you have backed up all your resource data before you run the Anonymize Personally Identifiable Information (PII) job. When you run this job, the designated personal resource data is permanently obfuscated. You cannot undo this operation. CA Support and CA Services personnel cannot help you retrieve lost data unless you made a reliable secure backup.
  1. Click
    Home
    ,
    Reports and Jobs
    , and click the
    Jobs
    tab.
  2. Run or schedule the Anonymize Personally Identifable Information (PII) job.
    1. To scramble only the selected inactive resources, select 
      Anonymize Only Inactive Resources with Anonymize PII Selected
      .
    2. To scramble all active and inactive resources, acknowledge the risk, and then select
      WARNING! Anonymize All Resources
      .
  3. Click 
    Home
    Resource Management
    Resources
    .
  4. Open a labor resource. You can anonymize only resources of type 
    labor
    .
  5. Click 
    Properties
    Settings
    .
    The 
    Resource Settings
     page shows the updated 
    PII Last Anonymized Date
    .
  6. To anonymize the protected data in the data warehouse, perform the following steps:
    1. Run the Load Data Warehouse job in
      full
      mode. An
      incremental
      load is not sufficient for pushing out the changes in resource data.
    2. Run the Load Data Warehouse Access Rights job.
Create Custom Attributes for Personally Identifiable Information
You can create a custom attribute on the Resource object in Studio. 
  1. Click 
    Administration
    Studio
    Objects
    .
  2. Filter the object list to open the 
    Resource
     object. Anonymization also supports the following custom resource subobject types: string, large string, number, date, and URL. Custom attachment subobjects are not supported.
  3. Click the 
    Attributes
     tab.
  4. Create an attribute. For example, create an attribute for the last four digits of a personal ID number or a five-digit pin. Anonymization supports the following custom attribute types: string, large string, number, date, attachment, and URL. 
  5. Click 
    Home
    Custom Attributes
    PII Attributes
    . Add your new attribute to the Personally Identifiable Information (PII) Attribute List page. Custom attachment attributes do not appear in the list; however, the job can still protect attachment instances for protected resources. Instead of anonymizing attachments, the application deletes them. 
: You can also use the XOG to import custom resource subobjects or attributes in bulk.  
After you anonymize a resource, you do not have to continue to mark them for repeated scrambling. Anonymized resources are automatically re-anonymized when you add a new custom attribute to the list of protected data. The logical explanation is that the resource has already been flagged for protection of all personal data.
Attachments for Anonymized Resources
The feature handles any attachments on the resource object. However, attachment custom attributes for the resource object or subobjects are not available for selection in the PII Attribute object lookup.
Instead of scrambling data in attachments, they are deleted. Attachments include any files that the user uploaded, even their personal avatar image. 
  • The Anonymize Personally Identifable Information (PII) job flags resource custom attributes defined as attachments to be purged.
  • The Purge Documents job purges these documents for all anonymized resources. The job purges the attachments of all protected resources whenever it runs. The job parameters you select for projects or other criteria do not limit this behavior.
  • Exception
    : Any attachments in custom attributes for resource subobjects are not flagged or purged.
Database and Data WareHouse Fields With Personal Data
As a summary, this feature anonymizes resource attributes including resource ID, first, middle, and last name, full name, and email address. The resource data can appear in multiple locations throughout the system including user, contact, and audit trail data. Resource data might also appear in conversations, classic PPM discussions, transactions, the rate matrix, billing data, and within the legacy datamart.
For readers looking for specific low-level details, the following schema tables and fields are subject to obfuscation. In other words, these attributes can be protected by replacing the original data with an encoded serialized number.
6
6
CMN_AUDITS
  • value_before
  • value_after
  • raw_value_before
  • raw_value_after
CMN_SEC_USERS
  • user_name
  • first_name
  • middle_name
  • last_name
  • email_address
  • sms_email_addresss
  • photo_file
  • full_name
  • bo_user
  • user_uid
  • favorite_photo
NBI_PROJECT_CURRENT_FACTS
  • ae_last_name
  • ae_first_name
  • manager_last_name
  • manager_first_name
NBI_RESOURCE_CURRENT_FACTS
  • manager_last_name
  • manager_first_name
  • resource_code
  • last_name
  • first_name
NBI_RT_FACTS
  • resource_code
  • last_name
  • first_name
  • manager_last_name
  • manager_first_name
NMC_CONVERSATIONS
  • resource_name
NMC_INTEGRATIONS
  • user_name
  • proxy_user_name
ODF_CA_RESOURCE
  • obj_bi_user_id
PAC_MNT_PROJECTS
  • resource_code
  • approvedby_resource_code
  • awaitapprvl_resource_code
PAC_MNT_RESOURCES
  • resource_code
  • reportsto_resource_code
PPA_BILLING
  • resource_code
  • entry_resource_code
  • lastupdtdby_resource_code
PPA_MATRIXVALUES
  • value1…value10
PPA_POSTINGBATCH
  • post_resource_code
PPA_TRANSBILL
  • resource_code
  • entry_resource_code
  • lastupdtdby_resource_code
PPA_TRANSCONTROL
  • resource_code
  • entry_resource_code
  • lastupdtdby_resource_code
PPA_TRANSWIPADJUST
  • resource_code
  • entry_resource_code
  • lastupdtdby_resource_code
PPA_WIP
  • resource_code
  • entry_resource_code
  • lastupdtdby_resource_code
PROJSTAFF
  • resource_code
PROJREVISION
  • approvedby_resource_code
  • awaitapprvl_resource_code
  • resource_code
SRM_CONTACTS
  • job_title
  • address1
  • address2
  • address3
  • city
  • state_province
  • country_id
  • postal_code
  • phone_home
  • phone_work
  • phone_cell
  • phone_fax
  • phone_pager
  • url
SRM_RESOURCES
  • unique_name
  • first_name
  • middle_name
  • last_name
  • full_name
  • email
  • sms_email
 
Disclaimer: CA is not responsible for protected data that you anonymize and later decide you want to retrieve.