
Data Privacy for Diagnostics (DPfD)

Enterprises have a requirement to prevent customer personal or other sensitive information from being exposed to those who have no need to see such data. In the course of data processing, various types of system and application errors can require an installation to send diagnostic data to program vendors for analysis and problem resolution. Diagnostic data on the MVS platform typically takes the form of SVC dumps, Stand-Alone dumps (SADMP), LOGREC data, traces, system and application logs, etc. Of these, dumps carry the greatest risk of containing sensitive data along with the required system and/or application data.

Data Privacy for Diagnostics provides facilities for tagging sensitive data and subsequently producing redacted dumps which do not contain the tagged sensitive data. The original dump should be retained for the entire period that problem analysis is being conducted. The redacted dump would be made available to the appropriate program vendors.

To accomplish data tagging by applications, a set of services is provided by the storage management interfaces of the MVS operating system for Independent Software Vendor (ISV) applications and operating system components to use. For more information on tagging storage, see the Tagging 64-bit memory objects for data privacy topic in z/OS MVS Programming: Assembler Services Guide. Once data has been tagged, a set of services available via Interactive Problem Control System (IPCS) parts may be used to post-process the dumps taken on z15 or later processors.

The following functions are provided by OA57570:
  • You may redact any data tagged as sensitive=yes in SVC or stand-alone dumps captured on a z15 or later processor using the sample job SYS1.SAMPLIB(BLSJDPFD).
  • You may obtain a report about the pages which were marked as sensitive in a redacted dump using ‘SYS1.SBLSCLI0(BLSXREDR)’, providing an input dump dataset name and, optionally, a filtering ASID.

The Data Privacy for Diagnostics Analyzer is introduced by the solution for OA58114. The Analyzer provides the facilities to scan and identify data within dumps that may be sensitive personal information (SPI). Because of the complexity of guidelines, requirements and SPI data identification, the Analyzer requires installations to tailor its privacy controls for whatever unique distinctions are necessary to filter out SPI from diagnostic data. Over-redaction is possible, which can negatively impact problem diagnosis. Most system areas are tagged as not having sensitive data, so it is possible for some SPI to escape redaction. At the core of the Analyzer is an application which runs via batch jobs. Those jobs may be tailored through an IPCS dialog, or manually managed by the installation. The details for setup and execution will be found within the Interactive Problem Control System (IPCS) framework, which consists of documentation within the IPCS Customization, IPCS Commands and IPCS User’s Guide publications.
