Personal User Information in SafeQ
Abstract
This document deals with how personal information about users is processed in SafeQ with respect to different data sources, the lifecycle of data processing, and potential legal implications, such as Act No. 101/2000 Coll., on the protection of personal data in the Czech Republic.
Definition of Personal User Information
For the purpose of this document, data that might contain personal user information are referred to as entities. We make an intentional distinction between Corporate Entities, where all information contained therein comes from, relates to and is possibly owned by the legal body operating the SafeQ system, and Mixed Entities, which may contain personal user information.
In this document, we also refer to data structure and make an important distinction between unstructured data, where the SafeQ system does not work with the data in a structured way (i.e. it does not identify elements of information in the data or the relationships between such elements), and structured data, where the data structure is taken into account.
Examples of Structured and Unstructured Data
Structured Data
Data exchanged between SafeQ and Identity Management Systems (e.g., Active Directory, OpenLDAP)
Device information describing connected Printers and/or Multifunction Devices managed by SafeQ
Cost Centers or Billing Codes managed by the SafeQ system, depicting the corporate or management cost structure of the organisation using the SafeQ system
Unstructured Data
Print Jobs received and managed by the SafeQ system
Scanned Documents received and managed by the SafeQ system
Personal User Information in Unstructured Data
SafeQ system processes the following kinds of unstructured data which may contain Personal User Information:
Print Jobs
Scanned Documents (also referred to as Scans)
Personal User Information in Print Jobs
The SafeQ system extracts information from Print Jobs; this information constitutes a Print Job Entity. This entity is stored in the SafeQ system for archiving and reporting purposes.
The relevant extracted information is:
(Optional) Job Title, which may be specified as part of the print job data stream by means of appropriate PCL commands. Such job titles contain and refer to the contents of the print job or of the original document that the user printed, resulting in the print job. The Job Title may also link the document to a particular person or persons.
(Optional) Job Owner, which is specified either as part of the print job data stream or as part of the communication protocol used for receiving the print job by the system. The Job Owner links the print job to a particular user account, which may or may not correspond to a real person or persons.
This information is tracked for the purpose of reporting printed volumes on a per-user basis.
Who has access to such information?
This information is accessible to individual users, each of whom can view only the Print Jobs that identify that user as Job Owner.
The SafeQ system usually defines one or more administrator user accounts (by default, the user account is called “admin”). Such user accounts have permissions to view the Job Title and Job Owner information of all print jobs.
The visibility of Job Title CAN BE DISABLED by using the configuration property:
Display title of print job on the Web
If this configuration property is set to disabled, then no user accounts have permission to view the titles of print jobs in the SafeQ system Web Interface. Not even the user accounts identified as Job Owner can view the Job Titles of their own Print Jobs. This means that the Job Title of any Print Job cannot be retrieved from the system by any standard means.
The visibility and traceability of Job Owner CAN BE DISABLED by using the configuration property:
Display user identity information in YSoft SafeQ Web reports
If this configuration property is set to disabled, then Job Owner information is never displayed in the SafeQ Web Interface or in SafeQ Reports. This means that there is then no standard way to connect particular Print Job(s) or print volumes with particular user account(s).
Personal User Information in Scanned Documents
SafeQ system associates Job Owner information with each Scanned Document by various technical means, which depend on the type of connected multifunction device, system configuration, etc.
Who has access to such information?
This information is accessible to individual users, each of whom can view only the Scanned Documents that identify that user as Job Owner.
The SafeQ system usually defines one or more administrator user accounts (by default, the user account is called “admin”). Such user accounts have permissions to view the Job Owner information of all Scanned Documents.
The visibility and traceability of Job Owner CAN BE DISABLED by using the configuration property:
Display user identity information in YSoft SafeQ Web reports
If this configuration property is set to disabled, then Job Owner information is never displayed in the SafeQ Web Interface or in SafeQ Reports. This means that there is then no standard way to connect particular Scanned Document(s) or print volumes with particular user account(s).
Personal User Information in Structured Data
User Account Information and Credentials
The SafeQ system stores information about user accounts and related credentials. The following information is stored with the User Mixed Entity:
Login Name
First (Given) Name
Surname
Password
Card IDs and PIN Numbers
E-Mail
Home Directory (*)
Cost Center associated with the User Account (*)
Default Billing Code for the User (*)
Elements marked with (*) are system-related settings and are not relevant for storing Personal Information. All other elements may, but do not necessarily, contain personal information; it is therefore crucial to define how these elements are maintained.
User Accounts are created and managed in one of the following ways:
1. The User Account(s) are created and managed using the SafeQ web interface. By default, users can access information related to their User Accounts only if they can authenticate with the system using their password. Administrator user accounts can manage any User Account in the system.
2. The User Account(s) are “imported” or “replicated” to the SafeQ system from other systems using technical means. Corporations usually employ systems for managing user identities and credentials, usually referred to as Identity Management systems. SafeQ, if properly configured, can retrieve user information from such systems.
Whether the User Entity in SafeQ contains Personal Information depends on the policy governing what data are entered into the system (the first way above) or on the policy governing corporate identity management (the second way above).
SafeQ uses User entities for authentication and reporting; the traceability of particular print jobs / scanned documents to particular User Account(s) can be disabled by configuration (described above).
For more information refer to Adding and configuring users and Identity management in SafeQ documentation.
Personal Information in other system entities
Besides the User mixed entity, the SafeQ system operates with the following entities:
Device (sometimes referred to as MFP)
Cost Center
Role
Billing Code
All these entities are Corporate Entities. They are created by the corporation using the SafeQ system to manage the printing environment.
These entities usually model the corporation's organisational structure, its structure of departments and its cost allocation policies. Cost Centers, Roles and Billing Codes are associated with particular User entities, but on an M:N basis, i.e. many User entities may be associated with a particular Cost Center, Role or Billing Code, and many Cost Centers, Roles or Billing Codes may also be associated with a particular User account.
For more information refer to Web interface - Devices.