ConnectionsExpert (CE) offers two variants of data protection that are used throughout the product: Anonymization and Pseudonymization. Which one is used depends on the data that is being looked at, the state of the user profile and what is set up via license or configuration.
Anonymization and Pseudonymization in ConnectionsExpert
Tracing individual user activity is a topic that is strictly regulated by workers councils in many European countries and/or must in some cases be handled in consideration of regulations around the GDPR. Since much of CE's functionality is based on user activity and events, this layer of data protection is necessary.
Definition of data protection terms
Pseudonymization is a method to substitute identifiable data with a reversible, consistent value. (e.g. "john.doe@acme.com" becomes "pseudonymized.4711@acme.com")
Anonymization is the destruction of the identifiable data. (e.g. value of field "job responsibilities" turns from "Chief Technical Officer" into "-[ Anonymized ]-")
There are two main scenarios when one or more of these techniques are used:
- Anonymization / Pseudonymization is enabled via the license or configuration
- A user is deleted in Connections
Anonymization and Pseudonymization Settings
Controlled by license
Your CE license has a license property that controls whether user data is anonymized or pseudonymized in your environment. The default for this property is that Anonymization / Pseudonymization is enabled unless requested otherwise. You can check your setting in the System Configuration menu to verify your status.
Visit the panagenda Help Center support.panagenda.com if you would like to request a license with a setting that is different from the one in your existing license.
Controlled by configuration
In certain situations it may be convenient to activate Anonymization / Pseudonymization even though the license does not require it. In that case it can be configured manually via an ETL parameter:
- Open the advanced configuration page by visiting the site /idna/sys/etl on your CE server
- Log in with an administrator user (e.g. "config")
- Activate the property "cnx_obfuscate_profiles_override"
- Save the setting using the "update" button
This setting CANNOT be used to disable Anonymization / Pseudonymization if the license specifies that it must be enabled.
What is affected by Anonymization or Pseudonymization?
Protection of user profiles
The main area restricted by Anonymization / Pseudonymization are clearly user profiles. These are daily imported from connections and are used in many different areas throughout CE, both for data processing as well as visualization tasks.
The most obvious example is the list of user profiles, where data is split in three different categories:
- Pseudonymized (Blue): personal identifiers like name, email address, uid, etc.
- Anonymized (Red): user specific properties like phone number, job responsibilties, blog URL, etc.
- Not altered (Green): common properties like Internal/External, Is (Not) Manager, Has Photo Uploaded, etc.
These three methods are used throughout the solution, including tables available via the DataMiner analytics API.
Handling of deleted users
If IBM Connections users are deleted from the underlying database, that profile will undergo a process where Anonymization / Pseudonymization also plays a role. Similar to the handling of active user profiles, this persons properties will be processed depending on their content and either pseudonymized, anonymized or not altered. The main difference is that these users will be referred to as "-[ Deleted User XXX ]-" rather than "-[ Pseudonymized User XXX ]-".
Keeping records of these deleted users ensures consistency of collected data when referencing events with users.