GDPR: Protect Personally Identifiable Information
To help your organization protect the personally identifiable information (PII) of resources, Classic PPM includes data protection features. The availability of these new features coincides with the May 2018 General Data Protection Regulation (GDPR) in the European Union. GDPR is also included in the United Kingdom Data Protection Act. Compliance is required from any international firm with ties to data in the European Union.
GDPR data protection laws were enacted to provide EU citizens in all member states with greater control over their personal data. Businesses that compromise or misuse personal data are subject to possible fines. To mitigate these risks, including hacking, data breaches, and other cyber threats, Classic PPM allows administrators to anonymize (randomize or scramble) specific PII data for inactive resources.
CAUTION: This feature permanently protects certain data by scrambling it. Access to original data is irretrievably lost. As an administrator, it is your responsibility to make a secure backup, if permitted by your security policies, before using this feature.
GDPR: Feature Highlights
Installation: Install the new content items for personally identifiable information (PII) from the PMO Accelerator. Installation is handled for SaaS customers. On-premise customers can decide when to install the content, or to decline.
Configuration: To organize the subset of attributes subject to protection, add any new attributes that you create for resource anonymization to this list. By default, the application is configured to anonymize the following attributes for inactive resources that you select: resource ID, resource full name, resource first name, resource last name, resource email address, and username. The complete list of obfuscated data appears further down this page.
New Protected Attributes: You can create a custom attribute on the Resource object in Studio. These optional steps are not new. They are not shown on this page. Click Objects and filter the object list to open the Resource object. For example, create an attribute for the last four digits of a personal ID number or a five-digit pin. Then click PII Attributes. Add your new attribute to the Personally Identifiable Information (PII) Attribute List page.
User Access: Configure the personal attributes on a page where other authorized users can access them. We recommend that you keep them together for easy access. For example, you want resource managers to edit a personal pin number or to set the Anonymize Personally Identifiable Information (PII) check box. In this example, we add the Anonymize Personally Identifiable Information (PII) and PII Last Anonymized Date to the right side of the General section of the
Manage Protection: Authorized users, for example, resource managers, can select the Anonymize Personally Identifiable Information (PII) check box to flag this resource for protection. The next time an administrator runs the Anonymize Personally Identifiable Information (PII) job, the Resource Settings page will show the date in the PII Last Anonymized Date field. Unless you plan on anonymizing all resources, to apply protections you must clear the Active check box. Typically, only inactive resources are subject to anonymization.
Administration: The lead system administrator configures the availability of the Anonymize Personally Identifiable Information (PII) job. They answer the following important questions:
Who can run this job?
Can those authorized users anonymize only inactive resources who are flagged for protection?
Can those authorized users anonymize all resources?
Do the data protection policies in place at my organization warrant such use?
To anonymize all resources, the system administrator clears the read-only constraint on the parameter appropriately named WARNING! Anonymize ALL Resources. The administrator makes an optional secure backup. Before the job runs, an administrator determines if that instance of the job is going to scramble only the subset of selected inactive resources, or all resources.
Administration: The administrator runs the Anonymize Personally Identifiable Information (PII) job with the following check box selected: Anonymize Only Inactive Resources with Anonymize PII Selected. The job scrambles only the personal attributes of the inactive resources that also have their Anonymize Personally Identifiable Information (PII) check box selected.
If you have enabled auditing for any of the custom attributes in the resource object, the Anonymize Personally Identifiable Information job may fail in PostgreSQL environments. Read this KB Article for more information on the cause and the workaround.
Protection: After all these levels of security, the designated resources show a serialized coded value to protect their original data which is now obfuscated forever. In the example above, two resources continue to show their historic resource manager assignment. However, Cheryl Amos now appears throughout the application as
Verify that you have backed up all your resource data before you run the Anonymize Personally Identifiable Information (PII) job. When you run this job, the resource data is permanently obfuscated. You cannot undo this operation. CA Support and Broadcom Service partners cannot help retrieve lost data unless you made a reliable backup. A backup is helpful if you are testing the feature and want to restore data, or you accidentally obfuscated data that you want to restore. However, you might need to encrypt, obfuscate, or purge the backup to comply with your security policies or other regulations.
Install the PII Content Items
The PMO Accelerator add-in is required. The content items for on-premise customers are automatically installed in new environments when you install the PMO Accelerator; however, upgrading customers can choose when to perform these steps.
Follow these steps:
- Log in to Classic PPM as an administrator.
- Click Administration, Studio, Content Add-ins.
- Open the Accelerator - Program Management Office add-in and click the Items tab.
- In the Content Item Name filter field, enter *pii*. The following content items appear:
  - Anonymize PII - Job
  - PII Attribute - Lookup
  - PII Attribute Filter View - View
  - PII Attribute List View - View
  - PII Attribute Object - Object
  - PII Attribute Property Views - View
  - PII Attributes - Menu
- Select all seven items and click Install. The items show a Status of Installed.
Create Custom Attributes for Personally Identifiable Information
The resource attributes First Name, Last Name, Resource ID, and Email Address are anonymized by default. If you want to store PII in a custom attribute and anonymize its value, you can configure that attribute as personally identifiable information.
- Filter the object list to open the Resource object.
- Click the Attributes tab.
- Create an attribute. For example, create an attribute for the last four digits of a personal ID number or a five-digit pin. Anonymization supports the following custom attribute types: string, large string, number, date, and URL. Custom object attachments are not included. See the Studio documentation in the Reference section of the English edition of the documentation.
- Click Home, Custom Objects, PII Attributes. Add your new attribute to the Personally Identifiable Information (PII) Attribute List page. You can also use the XOG to import custom attributes in bulk.
- Click the Views tab and add the new attribute to the appropriate layout.
Add Personally Identifiable Information Fields to a Page Layout
You can organize personal information in one convenient place.
- Filter the object list and open the Resource object.
- Click the Views tab.
- Click [Layout-Edit] setup for the Resource Labor view.
- Choose Settings, General page or, for stronger security, use a secure subpage. We recommend that you add the personal data attributes to a subpage and set access rights to protect the subpage.
- Click the Properties and Layout icon.
- Add the Anonymize Personally Identifiable Information (PII) and PII Last Anonymized Date fields.
- Click Save and Return.
Select the Protected Resources
As a resource manager or a user with appropriate access rights to resources, you can now flag one or more resources for protection.
Seeded admin resources are not anonymized. The system does not allow you to anonymize the admin and csk.admin (PMO Accelerator) users.
Follow these steps:
- Click Home, Resource Management, Resources.
- Open a labor resource. You can anonymize only resources of type labor.
- Select the Anonymize Personally Identifiable Information (PII) check box to flag the resource for protection.
  After you run the Anonymize Personally Identifiable Information (PII) job, the PII Last Anonymized Date field displays the date and the Anonymize Personally Identifiable Information (PII) check box is cleared.
  If you update data that is already anonymized, you must select the Anonymize Personally Identifiable Information (PII) check box again for the updated data to be scrambled again. However, if you add a new PII custom attribute, you need not select the check box manually. The job automatically scrambles the values of all PII attributes (new and updated) for all the protected resources.
As a prerequisite, set up DBLINK. The job fails without DBLINK.
Run the Job to Scramble the Data
Verify that you have backed up all your resource data before you run the Anonymize Personally Identifiable Information (PII) job. When you run this job, the designated personal resource data is permanently obfuscated. You cannot undo this operation. CA Support and Broadcom Service partners cannot help you retrieve lost data unless you made a reliable secure backup.
- Click Home, Reports and Jobs, and click the Jobs tab.
- Run or schedule the Anonymize Personally Identifiable Information (PII) job. Leave the Anonymize Only Inactive Resources with Anonymize PII Selected option checked. The job anonymizes PII attributes for all protected resources.
  The WARNING! Anonymize ALL Resources parameter will anonymize all the internal resources, irrespective of their status or anonymization flag. This option is set to read-only by default in the job to avoid accidental selection. If you have a use case to anonymize all internal resources, remove the read-only flag from the job parameters list. Ensure that you use this parameter with extreme caution as you cannot revert once the resource data is anonymized. The users' status changes to Lock and they can no longer access Clarity.
  If you have enabled auditing for any of the custom attributes in the resource object, the Anonymize Personally Identifiable Information job may fail in PostgreSQL environments. Read this KB Article for more information on the cause and the workaround.
- Click Home, Resource Management, Resources, and open an inactive, protected resource to verify whether the PII information is anonymized.
- To anonymize the same data in the data warehouse, run the Load Data Warehouse job in full mode. An incremental load is not sufficient for pushing out the changes in resource data.
The feature handles any attachments on the resource object. However, attachment custom attributes for the resource object or subobjects are not available for selection in the PII Attribute object lookup. Attachments are deleted rather than scrambled. Attachments include any files that the user uploaded, even their personal avatar image.
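Because the job cannot be undone, a dry run over an exported resource list can show which resources each job mode would scramble, and which flagged resources would be skipped because Active is still selected. The following is an added example, not Broadcom code: the `Resource` fields and sample rows are hypothetical, and it assumes the ALL-resources parameter still skips seeded admins and non-labor resources.

```python
from dataclasses import dataclass

# The page states that these seeded users are never anonymized.
SEEDED_ADMINS = {"admin", "csk.admin"}

@dataclass
class Resource:          # hypothetical export row, not a Classic PPM schema
    username: str
    resource_type: str   # only resources of type "labor" can be anonymized
    active: bool         # state of the Active check box
    flagged: bool        # state of the Anonymize PII check box

def preview(resources, only_inactive_flagged=True):
    """Return (would_scramble, skipped); skipped maps username -> reason."""
    would_scramble, skipped = [], {}
    for r in resources:
        if r.username in SEEDED_ADMINS:
            skipped[r.username] = "seeded admin"
        elif r.resource_type != "labor":   # assumed to hold in ALL mode too
            skipped[r.username] = "not a labor resource"
        elif only_inactive_flagged and not r.flagged:
            skipped[r.username] = "not flagged"
        elif only_inactive_flagged and r.active:
            skipped[r.username] = "flagged but still active"
        else:
            would_scramble.append(r.username)
    return would_scramble, skipped

def extra_blast_radius(resources):
    """Usernames scrambled only when the ALL-resources parameter is used."""
    default, _ = preview(resources, only_inactive_flagged=True)
    everyone, _ = preview(resources, only_inactive_flagged=False)
    return sorted(set(everyone) - set(default))

# Constructed sample export.
SAMPLE = [
    Resource("admin", "labor", True, False),
    Resource("kwong", "labor", False, True),    # inactive and flagged
    Resource("jdoe", "labor", True, True),      # flagged, Active not cleared
    Resource("bsmith", "labor", False, False),  # inactive, never flagged
    Resource("crane01", "equipment", False, True),
]

if __name__ == "__main__":
    selected, skipped = preview(SAMPLE)
    print("default mode would scramble:", selected)
    for user, reason in skipped.items():
        print(f"  skipped {user}: {reason}")
    print("ALL mode would additionally scramble:", extra_blast_radius(SAMPLE))
```
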
Attachments for Anonymized Resources
- The Anonymize Personally Identifiable Information (PII) job flags resource custom attributes defined as attachments to be purged.
- The Purge Documents job purges these documents for all anonymized resources. The job purges the attachments of all protected resources whenever it runs. The job parameters you select for projects or other criteria do not limit this behavior.
- Exception: Any attachments in custom attributes for resource subobjects are not flagged or purged.
The following schema tables and fields are subject to obfuscation. In other words, these attributes can be protected by replacing the original data with an encoded serialized number.
Database and Data Warehouse Fields With Personal Data
Disclaimer: CA is not responsible for protected data that you anonymize and later decide you want to retrieve.