As part of IBM Cloud you can configure IBM App Connect to preserve the privacy of personal data when used to provide the service that you signed up for, and to make sure your use of personal data is GDPR compliant and protected from intruders.
This page outlines some privacy configuration capabilities in App Connect on IBM Cloud, to help your organization maintain the privacy of personal data and to support GDPR readiness. This information is not an exhaustive list, due to the many ways that clients can choose and configure features, and the large variety of ways that the product can be used in itself and with third-party applications and systems.
If you are not sure about privacy configuration on IBM Cloud, contact the IBM Cloud team; see Privacy on the IBM Cloud.
Read more about personal data privacy and GDPR:
Clients are responsible for ensuring their own compliance with various laws and regulations, including those for data protection and privacy. Clients are solely responsible for obtaining advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulations that may affect the clients’ business and any actions the clients may need to take to comply with such laws and regulations.
The products, services, and other capabilities described herein are not suitable for all client situations and may have restricted availability. IBM does not provide legal, accounting, or auditing advice or represent or warrant that its services or products will ensure that clients are in compliance with any law or regulation.
When configuring App Connect to preserve the privacy of personal data, consider the following areas.
- App Connect use of personal data
- Credentials used to connect to applications
- Personal data values in fields of actions in a flow
- Capabilities that send data to locations other than your applications
- Sample JSON object used to configure a JSON parser node
- Sample CSV text used to configure a CSV parser node
App Connect use of personal data
App Connect uses some personal data in order to provide the service that you, as a customer, have signed up for.
App Connect adheres to the following standard guidelines when handling this personal data:
- Minimise the personal data that is collected, stored, and processed. App Connect does not collect or store personal data that is not required to provide the service.
- Ensure personal data is only used for the specific purpose it was collected. App Connect does not use personal data in any way that does not relate to providing the service and does not share personal data with any third parties.
- Protect personal data from inadvertent or malicious access. Access to personal data must be on a need-to-know basis. App Connect uses secure communications and storage to protect your personal data from unauthorized access or disclosure. App Connect encrypts personal data when stored, and only decrypts such data when it needs to be processed. (Each instance of App Connect has a separate encryption key to further protect your personal data.)
- Do not include personal data in logs unless needed for problem determination, and then use specific logging functions to protect the data.
- Do not include personal data in samples, such as those used to create JSON schemas for parser nodes. If a sample includes real names, emails, etc., those should be replaced with made-up values.
- Do not include personal data in BAR files that you want to deploy and run enterprise integration solutions in App Connect on IBM Cloud. For any need for personal data, use the facilities provided for configuration or retrieving data values from an external source.
- IBM will keep your Basic Personal Data only while you have a specific need for that capability. If you choose to end such a need, we will delete your personal data. For example, if you choose to remove an account that was being used to connect to an application, any personal data used to configure that account will be deleted.
Credentials used to connect to applications
When you create an event-driven flow or a flow for an API, you connect to the applications that are to be used for a triggering event or subsequent actions in the flow. This usually requires you to provide personal data like an email address for the app account.
Although for some apps the personal data will be displayed in the UI (for example, for Gmail: Account 1 (firstname.lastname@example.org)), App Connect encrypts the personal data when stored and does not log that data.
You should avoid using personal data to configure connections to applications, where possible.
Personal data values in fields of actions in a flow
When configuring an action in a flow, you might want to specify some personal data in the target fields of the action; for example, an email address in the To field of a Gmail / Create message action. To avoid adding such personal data as a static value in a field, you can retrieve the data from an external source under your control and insert the data value through some mapping.
For example, you might store the personal data in a secure database, and use a retrieve action in an App Connect flow to get the data and then map that data into the target field of the action.
Capabilities that send data to locations other than your applications
If using capabilities that send data to any location other than your applications, you should avoid including personal data. This includes notification cards and the customer logging function.
- You should avoid using personal data in notification cards. A Situation detector node in a flow, if used with messages from notification cards that contain personal data, could display the personal data to a user.
- You should avoid, or at least minimise, the use of personal data in event messages, and control the access to the logging instance. A logging node in a flow could log personal data in event messages.
Sample JSON object used to configure a JSON parser node
A JSON parser node converts a string of JSON text into a JSON object. This can be used when a previous invoke action returns JSON. The output schema generated exposes properties of the JSON object for use as input in a subsequent action in the flow.
An App Connect user who creates a flow with a JSON parser node may choose to supply a sample JSON object from which App Connect can generate a JSON schema. This sample object is stored unencrypted for the flow.
App Connect users must not include personal data in such sample JSON. If a sample includes real names, emails, etc., those should be replaced with made-up values.
Sample CSV text used to configure a CSV parser node
When creating event-driven or API flows in App Connect, you can use comma-separated values (CSV) that are stored in a file or within some other content to provide input to an action in the flow. The CSV content must be in plain text and can contain one or more data records in a tabular format.
A CSV parser node transforms a CSV data string into a JSON object. The output schema generated exposes properties of the JSON object for use as input in a subsequent action in the flow.
An App Connect user who creates a flow with a CSV parser node may choose to supply sample CSV content, as plain-text data, from which App Connect can generate a JSON schema. This sample data is stored unencrypted for the flow.
App Connect users must not include personal data in such sample CSV content. If a sample includes real names, emails, etc., those should be replaced with made-up values.
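One way to prepare sample JSON and sample CSV before supplying them to a parser node, as the two sections above require (an added example, not IBM code): it keeps property names, column headers and value types so the generated schema is unchanged, and replaces every value with a made-up one. The function names, placeholder formats and sample records are constructed for illustration; it assumes that property names and column headers contain no personal data and that the first CSV row is a header.

```python
import csv
import io
import json
import re

EMAIL = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")
NUMBER = re.compile(r"-?\d+(\.\d+)?")

def fake_text(text, label):
    """Made-up stand-in that keeps the kind of value: email, numeric text, free text."""
    if EMAIL.fullmatch(text):
        return "user@example.com"
    if NUMBER.fullmatch(text):
        return "0"
    return f"sample-{label}" if text else ""

def scrub_json(node, label="value"):
    """Walk a parsed JSON sample: keep keys, nesting and types, replace every leaf."""
    if isinstance(node, dict):
        return {key: scrub_json(val, key) for key, val in node.items()}
    if isinstance(node, list):
        return [scrub_json(item, label) for item in node]
    if isinstance(node, bool) or node is None:
        return node                      # booleans and null carry only type information here
    if isinstance(node, (int, float)):
        return type(node)(0)             # int stays int, float stays float
    return fake_text(node, label)

def scrub_csv(text):
    """Keep the header row and the row/column counts; replace every data cell."""
    rows = list(csv.reader(io.StringIO(text)))
    if not rows:
        return ""
    header = rows[0]
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(header)
    for n, row in enumerate(rows[1:], start=1):
        cells = []
        for i, cell in enumerate(row):
            col = header[i] if i < len(header) else f"col{i + 1}"
            cells.append(fake_text(cell, f"{col}-{n}"))
        writer.writerow(cells)
    return out.getvalue()

# Constructed sample records (not real people), standing in for a copied API response
# and a copied export file.
SAMPLE_JSON = ('{"customer": {"name": "Maria Keller", "email": "maria.keller@corp.test",'
               ' "age": 41, "vip": true}, "orders": [{"id": "A-1009", "total": 129.5}]}')
SAMPLE_CSV = "name,email,balance\nMaria Keller,maria.keller@corp.test,1204.50\n"

if __name__ == "__main__":
    print(json.dumps(scrub_json(json.loads(SAMPLE_JSON)), indent=2))
    print(scrub_csv(SAMPLE_CSV))
```

Review the scrubbed output before use: free-text fields that embed an identifier inside a longer string are replaced whole, but personal data that appears in a property name or header is not touched.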