
Copyright years: 2017, 2020. Last updated: 2023-02-12


IBM® Voice Gateway and SMS Gateway considerations for GDPR readiness

For PID(s): 5737-D52, D1STQLL

Notice

This document is intended to help you in your preparations for GDPR readiness. It provides information about features of IBM® Voice Gateway that you can configure, and aspects of the product’s use, that you should consider to help your organization with GDPR readiness. This information isn't an exhaustive list, due to the many ways that clients can choose and configure features, and the large variety of ways that the product can be used in itself and with third-party applications and systems.

Clients are responsible for ensuring their own compliance with various laws and regulations, including the European Union General Data Protection Regulation. Clients are solely responsible for obtaining advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulations that may affect the clients’ business and any actions the clients may need to take to comply with such laws and regulations.

The products, services, and other capabilities described herein are not suitable for all client situations and may have restricted availability. IBM does not provide legal, accounting, or auditing advice or represent or warrant that its services or products will ensure that clients are in compliance with any law or regulation.


Table of Contents

  1. GDPR
  2. Product Configuration for GDPR
  3. Data Life Cycle
  4. Data Processing
  5. Data Deletion
  6. Data Monitoring
  7. Responding to Data Subject Rights

1. GDPR

General Data Protection Regulation (GDPR) has been adopted by the European Union (“EU”) and applies from May 25, 2018.

Why is GDPR important?

GDPR establishes a stronger data protection regulatory framework for processing of personal data of individuals. GDPR brings:

  • New and enhanced rights for individuals
  • Widened definition of personal data
  • New obligations for companies and organizations handling personal data
  • Potential for significant financial penalties for non-compliance
  • Compulsory data breach notification

Read more about GDPR


2. Product Configuration - considerations for GDPR Readiness

The following sections provide considerations for configuring Voice Gateway to help your organization with GDPR readiness.

Offering configuration

Voice Gateway combines different microservices to coordinate communication between end users (referred to as customers) and cognitive services.

Voice Gateway includes the following microservices:

  • SIP Orchestrator
  • Media Relay
  • SMS Gateway
  • Speech to Text Adapter

These microservices route the information that customers provide during conversation with voice agents or agent assistants. By default they don't collect or store customer data and keep no data at rest; the exceptions described later in this section are the Text to Speech cache on disk, optional call recording, and the log files.

Voice Gateway also uses the following external services, which do collect or store data:

  • Watson Assistant
  • Speech to Text
  • Text to Speech

During normal operation, customer phone numbers can appear in the logs that Voice Gateway generates to track its performance. These logs are used for diagnostic purposes and are accessible only to users with System Administrator privileges. The logs are overwritten regularly, after an interval that you can customize.

You can read more about the Data life cycle to better understand how Voice Gateway interacts with data. Or, you can see the documentation About Voice Gateway and About SMS Gateway for a comprehensive description of each.

Encryption

Users need to encrypt the disk where Voice Gateway is deployed to protect the IBM® Text to Speech cache. See Getting started.

Text to Speech caching exclusion

To converse with customers, Watson Assistant crafts responses as text, which SMS Gateway sends to the customer as messages and which Voice Gateway passes to the Text to Speech service to be spoken aloud. The responses that Watson Assistant creates might contain sensitive information. By default, Voice Gateway caches the audio it receives from the Text to Speech service; to keep responses that contain personal data out of that cache, use the vgwActExcludeFromTTSCache action command on the utterances that carry such information. See Action tags and state variables in the Voice Gateway API.

Logging

Phone numbers are logged for problem diagnosis and performance assessment during the operation of Voice Gateway, and then regularly overwritten with new logs. Users can configure the microservices to customize the interval of time between overwriting the logs.

Media Relay

You can adjust how verbose the Media Relay logs are and how long they are kept with the MEDIA_RELAY_LOG_LEVEL, MEDIA_RELAY_LOG_ROTATION_FILE_COUNT, and MEDIA_RELAY_LOG_ROTATION_PERIOD environment variables. With the default settings, the Media Relay logs contain operational information only and no transcripts. See Configuring logging and tracing for Voice Gateway.

  • MEDIA_RELAY_LOG_LEVEL: By default, this variable is set to INFO, which records only operational information about Voice Gateway. DEBUG and TRACE logs can contain more detailed operational information, including transcripts.
  • MEDIA_RELAY_LOG_ROTATION_FILE_COUNT and MEDIA_RELAY_LOG_ROTATION_PERIOD: These variables determine how many log files are kept and how long each file covers. With the defaults, a file count of 10 and a period of 1d, each file holds one day (24 hours) of logs and the oldest file is overwritten after 10 days, so no log line survives longer than 10 days. To shorten that retention, reduce either MEDIA_RELAY_LOG_ROTATION_FILE_COUNT or MEDIA_RELAY_LOG_ROTATION_PERIOD.

SIP Orchestrator

Transcripts of conversation between a customer and a voice agent or SMS agent might contain personal data. While you can enable logging to include these transcripts, Voice Gateway disables collection of transcripts by default. See Configuring logging and tracing for Voice Gateway.

You can ensure that transcripts are not included in log messages by setting the ENABLE_TRANSCRIPTION_AUDIT_MESSAGES environment variable to false.

If LOG_LEVEL is set to FINE, FINEST, or ALL, customer data might be collected in the SIP Orchestrator logs. Verify that LOG_LEVEL is set to off, fatal, severe, warning, or info to prevent collecting personal data in the log files.

The maskCallerID environment variable can hide the Caller ID. By default, the value is false, meaning that phone numbers appear in the logs. Set maskCallerID to true to avoid collecting this type of personal data.

SMS Gateway

Transcripts of conversation between a customer and an SMS agent might contain personal data. While you can enable logging to include these transcripts, SMS Gateway disables collection of transcripts by default.

You can ensure that transcripts are not included in log messages by setting the ENABLE_TRANSCRIPTION_MESSAGES environment variable to false.

If LOG_LEVEL is set to FINE, FINEST, or ALL, customer data might be collected in the SMS Gateway logs. Verify that LOG_LEVEL is set to off, fatal, severe, warning, or info to prevent collecting personal data in the log files.

See Configuration variables for SMS Gateway for more information about how to configure your environment variables.
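The Media Relay, SIP Orchestrator and SMS Gateway variables above are easiest to check together before a deployment goes live. The following audit script is an added example and is not part of the Voice Gateway product or its documentation: it takes the environment each microservice is started with (a constructed sample, with the hypothetical container names media-relay, sip-orchestrator and sms-gateway), flags the values the sections above identify as putting personal data into logs, and works out the Media Relay retention window from the rotation variables. The variable names and defaults are the ones on this page; accepting period suffixes other than d, and treating an unset LOG_LEVEL as info, are assumptions.

```python
import re

# Constructed sample environment, one mapping per microservice. The container
# names are hypothetical; the variable names are from the product documentation.
SAMPLE_ENV = {
    "media-relay": {
        "MEDIA_RELAY_LOG_LEVEL": "DEBUG",            # may log transcripts
        "MEDIA_RELAY_LOG_ROTATION_FILE_COUNT": "10",
        "MEDIA_RELAY_LOG_ROTATION_PERIOD": "1d",
    },
    "sip-orchestrator": {
        "LOG_LEVEL": "FINE",                         # may log customer data
        "ENABLE_TRANSCRIPTION_AUDIT_MESSAGES": "true",
        "maskCallerID": "false",                     # caller numbers logged
    },
    "sms-gateway": {
        "LOG_LEVEL": "info",
        "ENABLE_TRANSCRIPTION_MESSAGES": "false",
    },
}

# SIP Orchestrator / SMS Gateway levels the documentation lists as not
# collecting personal data.
SAFE_LOG_LEVELS = {"off", "fatal", "severe", "warning", "info"}
# Media Relay levels the documentation says can include transcripts.
MEDIA_RELAY_VERBOSE = {"DEBUG", "TRACE"}
DEFAULT_ROTATION_FILE_COUNT = 10     # documented default
DEFAULT_ROTATION_PERIOD = "1d"       # documented default
MAX_RETENTION_HOURS = 10 * 24        # policy ceiling used here: the product default


def parse_period_hours(period):
    """Convert a rotation period such as '1d' to hours. The documentation shows
    only the 'd' suffix; accepting 'h' and 'm' as well is an assumption."""
    m = re.fullmatch(r"(\d+)\s*([dhm])", period.strip().lower())
    if not m:
        raise ValueError(f"unrecognised rotation period: {period!r}")
    return int(m.group(1)) * {"d": 24.0, "h": 1.0, "m": 1 / 60}[m.group(2)]


def media_relay_retention_hours(env):
    """Longest time a Media Relay log line survives before its file is overwritten."""
    count = int(env.get("MEDIA_RELAY_LOG_ROTATION_FILE_COUNT", DEFAULT_ROTATION_FILE_COUNT))
    period = env.get("MEDIA_RELAY_LOG_ROTATION_PERIOD", DEFAULT_ROTATION_PERIOD)
    return count * parse_period_hours(period)


def audit(envs, max_retention_hours=MAX_RETENTION_HOURS):
    """Return a list of (service, variable, problem) findings for settings that
    put personal data into logs or keep logs longer than the ceiling."""
    findings = []

    mr = envs.get("media-relay", {})
    if mr.get("MEDIA_RELAY_LOG_LEVEL", "INFO").upper() in MEDIA_RELAY_VERBOSE:
        findings.append(("media-relay", "MEDIA_RELAY_LOG_LEVEL",
                         "DEBUG/TRACE can write transcripts; use INFO"))
    hours = media_relay_retention_hours(mr)
    if hours > max_retention_hours:
        findings.append(("media-relay", "MEDIA_RELAY_LOG_ROTATION_*",
                         f"logs kept {hours:g} h, above the {max_retention_hours} h ceiling"))

    for svc, transcript_var in (("sip-orchestrator", "ENABLE_TRANSCRIPTION_AUDIT_MESSAGES"),
                                ("sms-gateway", "ENABLE_TRANSCRIPTION_MESSAGES")):
        env = envs.get(svc, {})
        # Treating an unset LOG_LEVEL as info is an assumption about the default.
        if env.get("LOG_LEVEL", "info").lower() not in SAFE_LOG_LEVELS:
            findings.append((svc, "LOG_LEVEL",
                             "FINE/FINEST/ALL can log customer data; use info or lower"))
        # Transcript logging is documented as disabled by default.
        if env.get(transcript_var, "false").lower() == "true":
            findings.append((svc, transcript_var, "transcripts are logged; set to false"))

    so = envs.get("sip-orchestrator", {})
    if so.get("maskCallerID", "false").lower() != "true":   # documented default: false
        findings.append(("sip-orchestrator", "maskCallerID",
                         "caller phone numbers are logged; set to true"))
    return findings


if __name__ == "__main__":
    for service, variable, problem in audit(SAMPLE_ENV):
        print(f"{service}: {variable}: {problem}")
```

A deployment that leaves every variable unset still produces one finding, maskCallerID, because its documented default of false writes caller phone numbers to the SIP Orchestrator logs; that is the setting to change first when phone numbers are not needed for diagnosis.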

Report forwarding

Users can configure external services to integrate with Voice Gateway to monitor call-related events and improve quality assurance. Call data and report events are not stored, processed, or collected within Voice Gateway; users should configure their external services appropriately to comply with GDPR. By default, these external service integrations are disabled.

Watson services reporting events

You can configure Voice Gateway to generate and forward reporting events to external services, including Watson Assistant turn events and transcription events. These events include text transcriptions and other information that could contain sensitive data, such as personal data. This data isn't stored, collected, or processed by Voice Gateway, apart from being forwarded to a service configured by the user.

Call recording

By default, call recording is disabled, but users can configure Voice Gateway to record call audio to WAV files on the file system where it's installed. The recordings capture audio from both the customer and the voice agent. To protect those recordings as part of GDPR readiness, customers must encrypt the disk on the system where Voice Gateway is deployed. See Recording and monitoring call data.

Enabling data deletion

If you need to remove a customer's personal data, you can do so by using a Service Orchestration Engine (SOE) to process the information that passes between Voice Gateway and an external service, such as Watson Assistant. To keep that connection secure, configure Voice Gateway to reach your SOE over HTTPS and with user authentication.

See Data Processing for more details.


3. Data Life Cycle

End-to-end process

The Voice Gateway infrastructure coordinates the conversation between a customer and voice or SMS agents. A customer calls a phone number hosted by Voice Gateway. The customer can then converse with voice agents through speech. Voice Gateway coordinates the flow of information to and from customers and the services used to simulate an agent to enable conversation.

As part of Voice Gateway operation, customer speech is transcribed by IBM® Speech to Text, analyzed by Watson Assistant to create a response, then the response is synthesized into audio by IBM® Text to Speech, and is streamed back to the caller. For SMS Gateway, the customer interacts with an SMS agent session. SMS Gateway coordinates conversation between the customer and Watson Assistant.

Because users interact with the offering through spoken or written conversation, personal data can flow through the Voice Gateway and SMS Gateway. By default, Voice Gateway and SMS Gateway don't store personal data of the customers. This data only resides in Voice Gateway for the length of time necessary to orchestrate sending this data to external services.

Watson Assistant, Speech to Text, and Text to Speech do store data.

To learn more about the data lifecycle and operation of Voice Gateway, for both Voice and SMS agents, see the following topics which outline the operation of Voice Gateway:


4. Data Processing

Voice Gateway is a conduit for delivering data to other services which process the data. This includes voice (audio) data as well as text transcriptions of the audio flowing through Voice Gateway. The services that process the data outside of Voice Gateway include Speech to Text, Text to Speech, and Watson services such as Watson Assistant. Unless audio recording is enabled, there is no data at rest within the Voice Gateway.

Watson Assistant, Speech to Text, and Text to Speech do store data. See Data collection for information about how data is collected in these services.

All data paths to the speech and assistant services are encrypted using TLS 1.2. Voice Gateway does NOT support encryption of RTP media traffic. That traffic is typically protected by the SIP trunking service provider, or else arrives unencrypted at the border of the network where Voice Gateway resides, so place Voice Gateway in a network segment where the unencrypted media cannot be observed by other systems.

Data encryption

Voice Gateway does not collect or store data at rest and does not process personal data beyond forwarding it to the services that the user configures.

Data provided by customers is sent to the SIP endpoint over the telecommunications infrastructure. Data that moves between Voice Gateway or SMS Gateway and the Watson services is encrypted by default over TLS; RTP media is not encrypted by Voice Gateway, as noted above. See About Voice Gateway and About SMS Gateway.

Data collection

To be able to remove a customer's data from the external services that process it, associate every call to those services with a unique customer ID for that customer. Use a Service Orchestration Engine (SOE) to process the information that passes between Voice Gateway and the external services, such as Watson Assistant, Speech to Text, and Text to Speech.

Once data with a specific customer ID has been passed to an external service, the external service can then delete that data. See Data Deletion below.
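The two SOE duties this page describes, keeping responses that carry personal data out of the Text to Speech cache (see Text to Speech caching exclusion above) and tagging every call with a customer ID so that the external services can later delete that customer's data, fit in one small piece of SOE code. The following is an added example, not IBM code and not a complete SOE. It assumes the Watson Assistant v1 response shape (output.text as a list of strings); assumes the Voice Gateway action is attached as output.vgwAction with the command vgwActExcludeFromTTSCache (check the exact shape against the Action tags and state variables reference); uses a constructed set of regular expressions as the personal-data detector; and derives the customer ID as an HMAC over the caller number under a secret held by the SOE, which is one pseudonymisation choice among several. The X-Watson-Metadata header carrying customer_id is the mechanism the Watson services document for per-customer deletion; confirm it for the service versions you use.

```python
import copy
import hashlib
import hmac
import re

# Constructed detector: deliberately broad, so doubtful text is kept out of
# the cache rather than in it. Tune for your own locale and data types.
PII_PATTERNS = {
    "phone": re.compile(r"\+?\d[\d\s().-]{6,}\d"),
    "email": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    "card": re.compile(r"\b(?:\d[ -]?){13,19}\b"),
}

# Assumed shape of the Voice Gateway action that suppresses TTS caching.
EXCLUDE_FROM_TTS_CACHE = {"command": "vgwActExcludeFromTTSCache"}


def personal_data_types(text):
    """Names of the detector patterns that match the text (empty if none)."""
    return [name for name, pattern in PII_PATTERNS.items() if pattern.search(text)]


def protect_response(assistant_response):
    """Return a copy of the assistant response with the cache-exclusion action
    attached when any of the output text looks like personal data. Responses
    without such text are returned unchanged so ordinary prompts stay cacheable."""
    response = copy.deepcopy(assistant_response)
    texts = response.get("output", {}).get("text", [])
    if any(personal_data_types(t) for t in texts):
        response.setdefault("output", {})["vgwAction"] = dict(EXCLUDE_FROM_TTS_CACHE)
    return response


def customer_id_for(caller_number, soe_secret):
    """Stable pseudonymous customer ID for a caller: the same number in any
    formatting maps to the same ID, and the ID cannot be reversed to the number
    without the secret. Use it for every call to the external services so a
    later deletion request can name this customer."""
    digits = re.sub(r"\D", "", caller_number)
    return hmac.new(soe_secret, digits.encode(), hashlib.sha256).hexdigest()[:32]


def watson_metadata_header(customer_id):
    """Request header that tags a Watson service call with the customer ID the
    service uses for per-customer data deletion."""
    return {"X-Watson-Metadata": f"customer_id={customer_id}"}


# Constructed sample traffic.
SECRET = b"soe-example-secret-rotate-me"
SAMPLE_CALLER = "+44 20 7946 0958"
SAMPLE_RESPONSES = [
    {"output": {"text": ["Thanks for calling. How can I help you today?"]}},
    {"output": {"text": ["The number we have on file for you is +44 20 7946 0958."]}},
]

if __name__ == "__main__":
    cid = customer_id_for(SAMPLE_CALLER, SECRET)
    print("request headers:", watson_metadata_header(cid))
    for r in SAMPLE_RESPONSES:
        print(protect_response(r))
```

The detector errs toward exclusion: a date or a reference number may be flagged as a phone number, and the cost of that is a cache miss, while the cost of the opposite mistake is a customer's data sitting on disk until the disk is wiped. The customer ID is what makes the deletion path in the next section workable; if the SOE also passes the raw caller number to the external services, the pseudonym buys nothing.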


5. Data Deletion

Data Deletion characteristics

Voice Gateway and SMS Gateway coordinate data flow between user defined services and applications. The types of data collected by external, user-defined services, and how that information is deleted, are determined by the user.


6. Data Monitoring

Logging in Voice Gateway is fully described in the product documentation. See Logging and tracing for SMS Gateway and Configuring logging and tracing for Voice Gateway.

The log files can contain information such as the caller's phone number. Transcription events can also be enabled in the logging for debugging purposes, but they are disabled by default and should stay disabled in any production deployment.


7. Responding to Data Subject Rights

Because Voice Gateway and SMS Gateway don't store data at rest and don't collect or process personal data, users must examine the data they collect in external services to resolve any Data Subject requests. Any data that Voice Gateway or SMS Gateway logs is overwritten at regular intervals.

Learn more about IBM's own GDPR readiness journey and the GDPR capabilities and offerings that support your compliance journey at GDPR Data Responsibility.