View Source

ConnectionsExpert (CE) offers two variants of data protection that are used throughout the product: Anonymization and Pseudonymization (A&P). Which one is used depends on the data that is being looked at, the state of the user profile and what is set up via license or configuration.

Anonymization and Pseudonymization in ConnectionsExpert

Tracing individual user activity is a topic that is strictly regulated by workers councils in many European countries and/or must in some cases be handled in consideration of regulations around the GDPR. Since much of CE's functionality is based on user activity and events, this layer of data protection is necessary.

Pseudonymization is a method to substitute identifiable data with a reversible, consistent value. (e.g. "john.doe@acme.com" becomes "pseudonymized.4711@acme.com")

Anonymization is the destruction of the identifiable data. (e.g. value of field "job responsibility" turns from "Chief Technical Officer" into "-[ Anonymized ]-")

There are two main scenarios when one or more of these techniques are used:

Anonymization / Pseudonymization is enabled via the license or configuration
A user is deleted in Connections

Anonymization and Pseudonymization Settings

Controlled by license

Your CE license has a license property that controls whether user data is anonymized or pseudonymized in your environment. The default for this property is that A&P is enabled unless requested otherwise. You can check your A&P setting in the System Configuration menu to verify your status.

ConnectionsExpert > Data Protection in User Profiles > image2018-11-14_12-19-57.png

Visit the panagenda Help Center support.panagenda.com if you would like to request a license with a setting that is different from the one in your existing license.

Controlled by configuration

In certain situations it may be convenient to activate A&P even though the license does not require it. In that case it can be configured manually via an ETL parameter:

Open the advanced configuration page by visiting the site /idna/sys/etl on your CE server
1. Log in with an administrator user (e.g. "config")
Activate the property "cnx_obfuscate_profiles_override"
Save the setting using the "update" button

ConnectionsExpert > Data Protection in User Profiles > image2018-11-14_12-46-25.png

This setting CANNOT be used to disable A&P if the license specifies that it must be enabled.

What is affected by Anonymization or Pseudonymization?

Protection of user profiles

The main area restricted by A&P are clearly user profiles. These are daily imported from connections and are used in many different areas throughout CE, both for data processing as well as visualization tasks.

The most obvious example is the list of user profiles, where data is split in three different categories:

ConnectionsExpert > Data Protection in User Profiles > image2018-11-14_13-3-59.png

Pseudonymized (Blue): personal identifiers like name, email address, uid, etc.
Anonymized (Red): user specific properties like phone number, job responsibilties, blog URL, etc.
Not altered (Green): common properties like Internal/External, Is (Not) Manager, Has Photo Uploaded, etc.

These three methods are used throughout the solution, including tables available via the DataMiner analytics API.

Handling of deleted users

If IBM Connections users are deleted from the underlying database, that profile will undergo a process where A&P also plays a role. Similar to the handling of active user profiles, this persons properties will be processed depending on their content and either pseudonymized, anonymized or not altered. The main difference is that these users will be referred to as "-[ Deleted User XXX ]-" rather than "-[ Pseudonymized User XXX ]-".

Keeping records of these deleted users ensures consistency of collected data when referencing events with users.