Data Privacy and Data Governance – What Delivered Functionality Already Exists - or is Currently Being Planned - in Campus Solutions 9.2
Author: Stephen Brawn, Northwestern University
Blog Series Overview:
The Campus Solutions 9.2 Blog Series is sponsored and hosted by the HEUG Campus Community Advisory Group, with the intention to assist and educate the user community on features and functionality specific to Campus Solutions 9.2. To view other articles in the series, please go to the Article Index for the Campus Solutions 9.2 Blog Series.
Article Overview:
The intent of this article is to showcase delivered functionality, both existing and planned, in Campus Solutions 9.2, that can help your institution enhance their data privacy and data governance stance and initiatives.
Article:
Over the past couple of years, the CC AG has been working closely with Oracle in an effort to enhance and expand delivered functionality in the areas of data privacy and data governance within Campus Solutions 9.2 and other relevant products. To this end, many HEUG members, including several members of the CC AG, were instrumental in writing and publishing a white-paper in January 2018 that recommended enhancements to Oracle in the areas of data privacy/governance and data security. In addition to making recommendations for enhancements, the white-paper also documented existing functionality and bugs for many of Oracle’s products – including both on premise and Cloud SaaS products - used by Higher-Ed institutions. To read the white-paper, please access it through this link: HEUG Data Privacy White-Paper.
This article attempts to showcase delivered functionality – and Oracle products, both existing and planned, in Campus Solutions 9.2, which can help your institution enhance their data privacy and data governance stance and initiatives.
Existing Functionality
Masking/Hiding Data Points on Pages:
Limited functionality, known as Demographic Data Access Security (DDA security) exists in PeopleSoft Campus Solutions. However, to date, DDA security is limited to only two display fields - National ID and Birth Date – and only allows for masking the display of these fields in search records, prompt records, and on the Bio/Demo Data and the Relationship pages. As the functionality currently exists, you can only mask the entirety of the aforementioned fields, the first five characters of the national ID field, or the year of the birth date field. To implement this functionality, you will need to use PeopleSoft security and permission lists, and there is a requirement that both the user and the page have display-only security. More information on DDA Security can be found here: https://docs.oracle.com/cd/E56917_01/cs9pbr4/eng/cs/lsfn/task_ApplyingDemographicDataAccessSecurity-ab5774.html#topofpage
Additionally, as of Campus Solutions 9.2 and PUM Image 8, the Page and Field Configurator utility, delivered as part of PeopleTools, allows customers to hide fields selectively on a page by Role or individual Operator IDs. Individual pages on a component can also be hidden using this utility. There is a requirement, however, that you are on at least PeopleTools version 8.55.15 or 8.56.02. A good overview video on this functionality can be found here: https://www.youtube.com/watch?v=sbRfdZAERGg.
Obtaining Consent Agreements:
As part of their data governance or data privacy plans, many institutions may have the need or desire to obtain consent from constituents for the continued use and storage of some, or all, of their identifiable information. To help facilitate this requirement, there is a delivered Activity Guide in Campus Solutions that allows customers to add one or more Agreement page(s), providing customers to the ability to create Consent Agreements for their populations for specific categories of data or individual data attributes.
Masking/Encryption of Fields for Internal and External Integrations and Encryption/Scrambling of non-production data:
As delivered, the Campus solutions product itself does not currently offer an easy way to mask or encrypt data fields for integrations at the application level. However, there are oracle products available for customers deployed on an Oracle database platform. These options are add-on products that are part of the Advanced Security Option (ASO) suite and would be an additional cost. Additionally, these products are not PeopleSoft-centric, in that there are no pre-built templates that identify PeopleSoft PII data, thus requiring customers to define the fields to be masked and/or encrypted and to continually maintain the list as product changes are introduced. More information on the ASO products can be found here: https://www.oracle.com/assets/advanced-security-ds-12c-1898873.pdf
Planned Future Functionality
The Ability to Delete a Constituent:
As new data privacy regulations - such as GDPR - are put in place, many institutions will require the ability to be able to “erase” a constituent from their system. In Campus Solutions, the ability to delete constituent data by emplid currently exists, but it can only be done if the constituent only has limited data on their record, such as not having financials or enrollment data. Oracle’s HCM team has already delivered some enhancements to this functionality in their products, and Campus Solutions is planning similar functionality enhancements, leveraging what has already been delivered by the HCM team. More information on the HCM solution can be found here: peoplesoftinfo.com.
Providing a Data Privacy Framework:
The Oracle Campus Solutions team is currently working to leverage the planned “Data Privacy Framework” that is being developed by Tools Enterprise Components. This framework will allow customers to find where all the PII fields in their system are, so that they can take appropriate action, per their institutional data privacy requirements. Phase 1 of this framework is planned for later in 2018; updates to extend functionality to display, hide or mask the fields identified in the framework is planned for 2019. This second phase is likely to be dependent on Tools 8.57.
References:
HEUG Data Privacy White-Paper: https://www.heug.org/p/do/sd/sid=26206
DDA Security: https://docs.oracle.com/cd/E56917_01/cs9pbr4/eng/cs/lsfn/task_ApplyingDemographicDataAccessSecurity-ab5774.html#topofpage
Advanced Security Option (ASO) Products: https://www.oracle.com/assets/advanced-security-ds-12c-1898873.pdf
Page and Field Configurator: https://www.youtube.com/watch?v=sbRfdZAERGg.
Oracle Doc - Campus Solutions 9.2 Data Privacy and Protection: Doc ID 2397232.1