Forums / Categories / JD Edwards / Interested in how other companies manage PII data risk?

    Interested in how other companies manage PII data risk?

    We are an iSeries DB2, 9.2 apps and 9,2,2,4 tools shop. I am curious to find out how others are managing their risks with PII data? Our internal standards are:

    • PII Data is encrypted at rest and in-transit.
    • PII Data is not used for any purpose than the original purpose.
    • Access to PII data is restricted to "Need to Use".
    • PII Data is promptly purged after the original purpose has been met.
    • PII Data is not copied or replicated (other than for HA and DR), which means EXCLUDED from moving into BI.
    • PII Data is not copied to non-production environments.

    The encryption and DON'T COPY requirements seem to be the biggest concern.

    I would like to hear how others are accomplishing this.

    Thanks,
    Steve

    @jim-demes Thanks for the feedback.

    @steve-dollard A few things we do off the top of my head:

    • Role based security
    • Application security on running P0030A Bank Accounts by Address (and only one role can add/change/delete)
    • Column security to restrict viewing bank account/bank transit fields on F0030
    • Column security to restrict viewing Tax ID in F0101/W03013B/W04012A
    • Do not copy F0030 records to data warehouse
    • Do not copy Tax ID for individuals to data warehouse
    • After copying data to non-production environments, we run a set of SQL updates to remove individuals' bank accounts and tax IDs
     
Log in to reply

Looks like your connection to Quest Oracle Community was lost, please wait while we try to reconnect.