Masking Personal Identifiable Information (PII) data
As part of GDPR support, IBM Sterling® Order Management System masks the individual's personal sensitive information so that the log tracing does not show this information in the log files.
IBM Sterling Order Management System masks the values of PII attributes (for example,
@EMailID
, @AlternateEmailId
, and @CustomerEMailID
)
available in the input and output XMLs that appear in the log files. These attributes are replaced
with the string --masked--.
IBM Sterling Order Management System provides following log4j2 layout filters to mask the sensitive PII data.
- PIIXMLFilter - To mask the PII data available in the input or output XMLs that appears in the API or Service log files.
- SPIIFilter - To mask the sensitive PII data that appears in the API or Service log files.
The PIIXMLFilter layout filter replaces the values of the following XML attributes in the API or Service log files with the string --masked--:
Attribute Category | Attribute Name |
---|---|
Personal Details | @FirstName , @LastName , @CustomerFirstName ,
@CustomerLastName |
Contact Address | @AddressLine1 , @AddressLine2 ,
@AddressLine3 |
Contact Email | @EMailID , @AlternateEmailID ,
@CustomerEMailID , @EmailAddress , @EmailId |
Contact Phone Number | @DayPhone , @EveningPhone , @MobilePhone ,
@OtherPhone , @CustomerPhoneNo , @DayFaxNo ,
@EveningFaxNo |
Credit or Debit Card Details | @CreditCardExpDate , @CreditCardName ,
@CreditCardNo , @DebitCardNo |
Account and Payment Details | @CustomerAccountNo , @PrimaryAccountNo ,
@SvcNo , @PaymentReference1 , @PaymentReference2 ,
@PaymentReference3 |
The SPIIFilter layout filter replaces the values for the following keywords in the API or Service log files with the string *--masked--*:
Keyword Category | Keyword Name |
---|---|
Credit or Debit Card and Account Details | Password, CVV, CreditCardNo, DebitCardNo, SvcNo, CustomerAccountNo, PrimaryAccountNo |
Login Details | LOGINID, USER_ID |
The paymentFilter is the default layout filter for IBM Sterling Order Management System. IBM Sterling Order Management System deployment script includes PIIXMLFilter and SPIIFilter to the paymentFilter so that the PIIXMLFilter and SPIIFilter filter patterns are also applied by default on all IBM Sterling Order Management System environments.
paymentFilter
, then you need to assess the filter patterns that are
provided in the PIIXMLFilter
and SPIIFilter
layout filters and
also include them in your layout filter by making the following changes in the
customer_overrides.properties
file:logfilter.filterset.<custom_filter>.includes=PIIXMLFilter,SPIIFilter