PII Data Storage and Security

When it comes to storing Personally Identifiable Information (PII), we implement robust security measures to ensure data privacy and meet compliance regulations. This section includes information about Encryption and Masking, Access Controls, and Anonymizing User PII Data.

Encryption and Masking

ChangeGear uses Transparent Data Encryption (TDE) to protect data at rest: database files, log files, and data backups are encrypted on disk. This helps ensure that if the physical media are stolen, the data cannot be read without the encryption keys.

To implement TDE on a SQL Database, you can follow this detailed guide provided by Microsoft. Along with TDE, ChangeGear also uses Dynamic Data Masking so that data in transit is also secured and privacy is not compromised.

Access Controls

ChangeGear's access controls restrict who can access your PII, providing an essential layer of security. This typically involves setting up user roles and permissions, with each role granted specific access rights to the PII data.

Key elements of access control include:

  • Authentication: Verifying the identity of users before they can access the data.

  • Authorization: Ensuring a user only has access to the data they are permitted to view or edit.

  • Accountability: Logging user actions for auditing purposes to ensure users are responsible for their activities.

By combining encryption and access controls, you can significantly enhance the security of PII within your organization. Remember, the goal isn't just to protect your data—it's also to earn the trust of those whose data you're protecting. See the Access Control and Authorization topic for more information.

Anonymizing User PII Data

The General Data Protection Regulation (GDPR) requires organizations to erase personal data upon request under certain conditions. GDPR Article 17, also known as the Right to Erasure or the Right to be Forgotten, allows users to request the removal of their personal data from an organization's records. The conditions under which such a request applies include:

  • when the data is no longer necessary for the original purpose

  • when the data subject withdraws consent

  • when the data has been unlawfully processed

Organizations must respond to such requests within one month, unless there is a legal basis for retaining the information, such as compliance with a legal obligation or for reasons of public interest.

When a user requests removal of their PII, an Administrator with the appropriate role privileges to manage PII can anonymize their personal data in Web Administration.

Note: This functionality is only available in Web Admin.

To anonymize user data:

  1. In ChangeGear Web, navigate to the Administration tab.

  2. Under the Platform node, click Security > Users. Select a user to modify.

  3. Click on the Forget User icon. In the confirmation dialog, ChangeGear displays the message "Are you sure you want to remove all PII data for the selected user". Click OK to confirm the change and close the dialog.

  4. Fields marked as PII Sensitive are hashed (see Phone in the example below), with no trace of the original values, and the user account is disabled.

Note: You can't anonymize users with Administrator or Service Account roles; if a user is in this role, ChangeGear responds with an error message indicating that PII data cannot be removed for the user.
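The behaviour described in the procedure above (PII Sensitive fields replaced by hashes, the account disabled, and the request refused for Administrator or Service Account roles), shown as an added Python example; this is not ChangeGear's own code. The field names, the role names as a Python set and the use of a random, discarded salt so that a digest cannot be recomputed from a guessed value are assumptions made for the example.

```python
import hashlib
import secrets
from dataclasses import dataclass

# Roles that must never be anonymized (mirrors the restriction in the note above).
PROTECTED_ROLES = {"Administrator", "Service Account"}

# Hypothetical field names; which attributes are PII Sensitive is configuration
# in a real system, not a fixed list.
PII_SENSITIVE_FIELDS = {"email", "phone", "full_name"}


class AnonymizationError(Exception):
    """Raised when a forget-user request must be refused."""


@dataclass
class UserRecord:
    username: str
    roles: set
    attributes: dict
    enabled: bool = True


def hash_pii_value(value: str) -> str:
    # Assumption: a fresh random salt per value that is never stored, so the
    # digest cannot be recomputed from a guessed input (a plain SHA-256 of a
    # phone number could be brute-forced from the small input space).
    salt = secrets.token_bytes(16)
    return hashlib.sha256(salt + value.encode("utf-8")).hexdigest()


def forget_user(user: UserRecord) -> UserRecord:
    """Anonymize PII Sensitive fields in place and disable the account."""
    if user.roles & PROTECTED_ROLES:
        # Refuse before touching any data, as the product does for these roles.
        raise AnonymizationError(
            f"PII data cannot be removed for user {user.username!r}"
        )
    for name, value in user.attributes.items():
        if name in PII_SENSITIVE_FIELDS and value is not None:
            user.attributes[name] = hash_pii_value(str(value))
    user.enabled = False  # the account is disabled after anonymization
    return user


if __name__ == "__main__":
    # Constructed sample record for a stand-alone run.
    jdoe = UserRecord("jdoe", {"Requester"}, {"phone": "555-0100", "department": "IT"})
    print(forget_user(jdoe))
```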