Considerations for GDPR readiness
Clients are responsible for ensuring their own compliance with various laws and regulations, including the European Union General Data Protection Regulation. Clients are solely responsible for obtaining advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulations that may affect the clients' business and any actions the clients might need to take to comply with such laws and regulations.
The products, services, and other capabilities described herein aren’t suitable for all client situations and might have restricted availability. IBM doesn’t provide legal, accounting, or auditing advice or represent or warrant that its services or products will ensure that clients are in compliance with any law or regulation.
GDPR
The General Data Protection Regulation (GDPR) has been adopted by the European Union ("EU") and applies from May 25, 2018.
- Why is GDPR important?
GDPR establishes a stronger data protection regulatory framework for the processing of personal data of individuals. GDPR brings:
- New and enhanced rights for individuals
- Widened definition of personal data
- New obligations for processors
- Potential for significant financial penalties for non-compliance
- Compulsory data breach notification
- Read more about GDPR
Product Configuration - Considerations for GDPR Readiness
- Offering configuration
The following sections provide considerations for configuring Network Performance Insight to help your organization with GDPR readiness.
The information collected and processed by Network Performance Insight is primarily network performance data, possibly with device connection information. However, the user login credentials (user name and password) are managed by a different product, Security Services.
Data Life Cycle
- What is the end-to-end process through which personal data goes when using the offering?
This offering processes network information. Network Performance Insight is integrated with Security Services, which manages the user credentials. The personal content managed is limited to basic personal information.
- Personal data used for online contact with IBM
Network Performance Insight clients can submit online comments, feedback, or requests to contact IBM about Network Performance Insight subjects in various ways, primarily:
- Public comments area on pages in the Network Performance Insight community on IBM developerWorks®
- Public comments area on pages of Network Performance Insight documentation in IBM Knowledge Center
- Public comments in the Network Performance Insight space of dWAnswers
- Feedback forms in the Network Performance Insight community
Typically, only the client name and email address are used, to enable personal replies for the subject of the contact, and the use of personal data conforms to the IBM Online Privacy Statement.
Data Collection
- Types of data collected
Network Performance Insight collects only technically identifiable personal information, such as device IDs, usage-based identifiers, and static IP addresses.
Authentication credentials are handled by Security Services, and Network Performance Insight doesn’t log in to any other database directly.
Data Storage
Network Performance Insight provides the data files and database backups through Ambari services. See the following link for this topic:
Storage can be archived, but cannot be encrypted during backup. All the passwords can be encrypted. See the following link:
Data Access
Network Performance Insight uses Security Services for user authentication. Only authenticated users with the correct access rights can view network traffic reports that contain IP addresses and their network usage.
Users access Network Performance Insight data through the Dashboard Application Services Hub portal.
Setting up communication with Jazz for Service Management on Ambari
Data Processing
Network Performance Insight captures NetFlow and performance data. This data contains traffic usage patterns based on IP address. It doesn’t have information on who owns the IP addresses. NetFlow records can be transferred to Network Performance Insight by using UDP or SCTP, which are the protocols supported by the NetFlow standard.
Special configuration is required for the SCTP protocol only:
Configuring Security-Enhanced Linux (SELinux) to support SCTP protocol
For both UDP and SCTP, the port numbers are set from Ambari:
Setting up Flow Collector Service
User names and passwords are stored in external IBM Security Services. IP address information isn’t encrypted. Passwords are encrypted by the npm-encrypt.sh script that is available in:
/opt/IBM/basecamp/basecamp-tools/bin/npm-encrypt.sh
For more information, see Encrypting passwords.
Data Deletion
Network Performance Insight data and log files are deleted based on data retention settings. The data is removed after the specified retention periods. Log files have a retention period of 10 days. For more information, see:
The retention profiles for log files and for the database can be configured. For more information, see:
Data Monitoring
No personal or user information is written into logs, but the log files aren’t encrypted in Network Performance Insight. Typically, only the Network Performance Insight administrator can access those log files, and no user names, passwords, or IP addresses are included in memory dumps.
Capability for Restricting Use of Personal Data
In Network Performance Insight, data can be restricted by turning off export at the devices or by adding the devices to the router black list. Either the device doesn’t produce the performance data, or the device is on the black list, so Network Performance Insight does no data processing for that device.
You can black list some exporters to prevent them from sending Flow data to the Flow Collector Service. To configure this setting from Ambari, see: