Difference between revisions of "Configuring Privacy, Confidentiality and Other Policies"
(→Privacy and Security Field Options) |
|||
Line 1: | Line 1: | ||
==Overview== | ==Overview== | ||
− | '''Privacy is a shared responsibility'''. This feature allows organizations to better highlight their privacy and other stated policies, provides tools to manage country and language combinations, and places persistent links to policies on login pages and user portals. | + | '''Privacy is a shared responsibility'''. This feature allows organizations to better highlight their privacy and other stated policies, provides tools to manage country and language combinations, and places persistent links to policies on login pages and user portals. |
+ | |||
+ | ===General Data Protection Regulation=== | ||
+ | One of the largest aspects of [[SmartSimple]]'s privacy configuration is our compliance with the '''General Data Protection Regulation''' (GDPR). The GDPR is an EU legislation that is designed to protect the fundamental rights of citizens and their personal data. This law ensures that people not only know where their private data is kept, but it also holds organizations accountable and transparent with their practices. | ||
+ | |||
+ | [http://EUGDPR.rg EUGDPR.org] lists the key changes brought about by the enforcement of the GDPR beginning '''May 25, 2018'''. As a directly binding regulation, the GDPR stipulates that controllers of personal data must put in place appropriate technical and organisational measures to implement its data-protection principles. | ||
+ | |||
+ | This article describes which features and policies [[SmartSimple]] has implemented into our platform to help you comply with the GDPR. | ||
==Feature Illustrated== | ==Feature Illustrated== | ||
− | |||
[[Image:Privacy_top.png|link=|400px]]<br /> | [[Image:Privacy_top.png|link=|400px]]<br /> | ||
''Privacy and Security link displayed on a users portal (above).''<br /><br /> | ''Privacy and Security link displayed on a users portal (above).''<br /><br /> | ||
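Review bot: the external link added in the new General Data Protection Regulation paragraph targets "http://EUGDPR.rg", which drops the "o" from the ".org" shown in its own label, so the link will not reach the site it names. Correct the target to match the label. In the same added text, "an EU legislation" should read "EU legislation".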
Line 11: | Line 17: | ||
[[Image:Privacy_configuration_page.png|link=|600px]]<br /> | [[Image:Privacy_configuration_page.png|link=|600px]]<br /> | ||
− | ''Country and language policy configuration page is displayed above. Found under Configuration > Global Settings > | + | ''Country and language policy configuration page is displayed above. Found under Configuration > Global Settings > Security tab.''<br /><br /> |
==Configuring the Privacy and Security Settings== | ==Configuring the Privacy and Security Settings== | ||
− | + | You must create a policy for the '''Default Country''' and '''English''' language first. The default will be displayed to all users prior to login. | |
− | You must create a policy for the '''Default Country''' and '''English''' language first. The default will be displayed to all users prior to login. | ||
# From the Configuration menu, click on '''[[Global Settings]]'''. | # From the Configuration menu, click on '''[[Global Settings]]'''. | ||
Line 30: | Line 35: | ||
===Policies=== | ===Policies=== | ||
+ | This section allows you to create specific country and language policy combinations. | ||
− | + | * '''Country''' - Select the country this specific policy will pertain to from the drop down list. Choose the '''Default Country''' option when creating a general (non-country specific) policy. The '''Default Country''' is displayed pre login. Post login, the privacy policy displayed is determined by the users settings. | |
− | |||
− | * '''Country''' - Select the country this specific policy will pertain to from the drop down list. | ||
* '''Language''' - Select the language that will be associated with the country selected from the above option. | * '''Language''' - Select the language that will be associated with the country selected from the above option. | ||
===Policy Details=== | ===Policy Details=== | ||
− | This section allows for the labeling of policies and the adding of policy details via rich text or external link. Each policy can be labeled individually using the label field to the right of the policy name. | + | This section allows for the labeling of policies and the adding of policy details via rich text or external link. Each policy can be labeled individually using the label field to the right of the policy name. |
− | * '''Enforce User Acceptance''' - determine if/when policies require acceptance by end-users. Used in conjunction with the '''User Acceptance Required''' option to enforce acceptance specific to individual policies. | + | * '''Enforce User Acceptance''' - determine if/when policies require acceptance by end-users. Used in conjunction with the '''User Acceptance Required''' option to enforce acceptance specific to individual policies. |
* '''Interval''' - Drop-down with fee interval options. If one of the options is selected it will make users re-accept the policies at the set interval. | * '''Interval''' - Drop-down with fee interval options. If one of the options is selected it will make users re-accept the policies at the set interval. | ||
* '''Introduction''' - This defines the first policy page displayed and can be used to introduce the policies that have been defined. Only the rich text option is available for defining the introduction (no URL option). | * '''Introduction''' - This defines the first policy page displayed and can be used to introduce the policies that have been defined. Only the rich text option is available for defining the introduction (no URL option). | ||
− | * '''Privacy Policy''' - This option allows the privacy policy to be defined. | + | * '''Privacy Policy''' - This option allows the privacy policy to be defined. |
− | * '''Communications Policy''' - This option allows the communication policy to be defined. | + | * '''Communications Policy''' - This option allows the communication policy to be defined. |
− | * '''Data Access''' - This option allows the data policy to be defined. | + | * '''Data Access''' - This option allows the data policy to be defined. |
− | * '''Accountability''' - | + | * '''Accountability''' - This option allows the accountability policy to be defined. |
− | * '''Data Confidentiality''' - This option allows the data confidentiality policy to be defined. | + | * '''Data Confidentiality''' - This option allows the data confidentiality policy to be defined. |
− | * '''Performance Integrity''' - This option allows the performance integrity policy to be defined. | + | * '''Performance Integrity''' - This option allows the performance integrity policy to be defined. |
− | * '''International Data Privacy''' - | + | * '''International Data Privacy''' - This option allows the international data privacy policy to be defined. |
+ | |||
+ | The policies (with the exception of Introduction) have 3 options None, Rich Text, and URL. . . | ||
− | |||
* The '''None''' option means that this policy is not defined for this country/language policy combination | * The '''None''' option means that this policy is not defined for this country/language policy combination | ||
− | * The '''Rich Text''' option allows the creation of the specific policy using the rich text editor | + | * The '''Rich Text''' option allows the creation of the specific policy using the rich text editor |
− | * The '''URL''' allows the specifying of a URL link resource to be referenced from an external site. | + | * The '''URL''' allows the specifying of a URL link resource to be referenced from an external site. |
They also have a '''User Acceptance Required''' option to indicate that the user is required to provide acceptance specific to individual policies after the date specified in the '''Enforce User Acceptance''' setting.<br /><br /> | They also have a '''User Acceptance Required''' option to indicate that the user is required to provide acceptance specific to individual policies after the date specified in the '''Enforce User Acceptance''' setting.<br /><br /> | ||
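Review bot: the added sentence "The policies (with the exception of Introduction) have 3 options None, Rich Text, and URL. . ." ends in stray ". . ." and has no colon before the list it introduces. Suggest "have 3 options: None, Rich Text, and URL." In the rewritten Country bullet, "users settings" needs an apostrophe and "pre login" / "Post login" would be clearer as "before login" / "after login". The unchanged Interval bullet's "fee interval options" also looks like a typo worth fixing while this section is open.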
Line 61: | Line 66: | ||
==Adding the Privacy & Security link to Existing login pages== | ==Adding the Privacy & Security link to Existing login pages== | ||
− | For login pages created prior to the introduction of this feature (April 2016) the Privacy & Security link will not show by default. | + | For login pages created prior to the introduction of this feature (April 2016) the Privacy & Security link will not show by default. This can be added manually by updating the Standard Template located on the [[Login Screen Content]] page. '''Note:''' Updating the Standard Template will remove any previous formatting. It is recommended that you start with the Standard Template and then customize the page to your satisfaction. In the case where you decide that you do not want to use the Standard Template the code below includes the link to insert it manually: |
+ | |||
{| | {| | ||
− | | | + | |- |
+ | ||[s_viewpolicies.jsp?companyid=@companyid@&policylang=@lang@&isexternal=1 Privacy & Security] | ||
|} | |} | ||
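Review bot: the link added to the table row carries "@companyid@", "@lang@" and "isexternal=1" with no explanation in the surrounding paragraph. An editor pasting it into a custom login page cannot tell which parts are substituted by the platform and which must stay literal. One sentence after the table stating what each parameter does would close that gap.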
Line 72: | Line 79: | ||
* Each field includes a ''last modified by'' and ''modified date stamp'' | * Each field includes a ''last modified by'' and ''modified date stamp'' | ||
* Policy formats include both rich text format and URL link to a webpage containing the policy | * Policy formats include both rich text format and URL link to a webpage containing the policy | ||
− | * Additional policies can be added by clicking the '''+ plus icon''' | + | * Additional policies can be added by clicking the '''+ plus icon''' at the bottom of the Policy Details section. |
==Privacy logs== | ==Privacy logs== | ||
Line 79: | Line 86: | ||
The PDF is named using the structure ''[userid]-[firstname]_[lastname]_policy-[policyid]-[countryid]-[langid]_V_[version].pdf'' | The PDF is named using the structure ''[userid]-[firstname]_[lastname]_policy-[policyid]-[countryid]-[langid]_V_[version].pdf'' | ||
− | [[Image:PrivacyViewLog.png|link=|1300px]] | + | [[Image:PrivacyViewLog.png|link=|1300px]] |
[[Category:How]][[Category:Global Settings]] | [[Category:How]][[Category:Global Settings]] |
Revision as of 10:02, 23 August 2019
Overview
Privacy is a shared responsibility. This feature allows organizations to better highlight their privacy and other stated policies, provides tools to manage country and language combinations, and places persistent links to policies on login pages and user portals.
General Data Protection Regulation
One of the largest aspects of SmartSimple's privacy configuration is our compliance with the General Data Protection Regulation (GDPR). The GDPR is EU legislation designed to protect the fundamental rights of citizens and their personal data. This law ensures that people know where their private data is kept, and it holds organizations accountable for, and transparent about, their practices.
EUGDPR.org lists the key changes brought about by the enforcement of the GDPR beginning May 25, 2018. As a directly binding regulation, the GDPR stipulates that controllers of personal data must put in place appropriate technical and organisational measures to implement its data-protection principles.
This article describes the features and policies SmartSimple has implemented in our platform to help you comply with the GDPR.
Feature Illustrated
Privacy and Security link displayed on a user's portal (above).
Privacy and Security link displayed on the user login page (above).
Country and language policy configuration page is displayed above. Found under Configuration > Global Settings > Security tab.
Configuring the Privacy and Security Settings
You must create a policy for the Default Country and English language first. The default will be displayed to all users prior to login.
- From the Configuration menu, click on Global Settings.
- Click on the Security tab.
- Click on the Privacy and Security Policies link within the Security Settings.
- The list of configured Privacy and Security policies is displayed.
- Click the New Policy icon to configure a new policy, or click the "Edit Policy" icon to modify an existing policy.
- Complete the privacy settings field options.
- Click Save to save the policy.
Privacy and Security Field Options
The following are field options for configuring Privacy and Security policies:
Policies
This section allows you to create specific country and language policy combinations.
- Country - Select the country this specific policy will pertain to from the drop-down list. Choose the Default Country option when creating a general (non-country-specific) policy. The Default Country policy is displayed before login. After login, the privacy policy displayed is determined by the user's settings.
- Language - Select the language that will be associated with the country selected from the above option.
Policy Details
This section allows for the labeling of policies and the adding of policy details via rich text or external link. Each policy can be labeled individually using the label field to the right of the policy name.
- Enforce User Acceptance - Determines if and when policies require acceptance by end users. Used in conjunction with the User Acceptance Required option to enforce acceptance specific to individual policies.
- Interval - Drop-down with a few interval options. If one of the options is selected, users must re-accept the policies at the set interval.
- Introduction - This defines the first policy page displayed and can be used to introduce the policies that have been defined. Only the rich text option is available for defining the introduction (no URL option).
- Privacy Policy - This option allows the privacy policy to be defined.
- Communications Policy - This option allows the communication policy to be defined.
- Data Access - This option allows the data policy to be defined.
- Accountability - This option allows the accountability policy to be defined.
- Data Confidentiality - This option allows the data confidentiality policy to be defined.
- Performance Integrity - This option allows the performance integrity policy to be defined.
- International Data Privacy - This option allows the international data privacy policy to be defined.
The policies (with the exception of Introduction) have 3 options: None, Rich Text, and URL.
- The None option means that this policy is not defined for this country/language policy combination.
- The Rich Text option allows the creation of the specific policy using the rich text editor.
- The URL option allows you to specify a link to a resource on an external site.
They also have a User Acceptance Required option to indicate that the user is required to provide acceptance specific to individual policies after the date specified in the Enforce User Acceptance setting.
If the User Acceptance Required option is switched on, an additional Role Lookup option is displayed. If Roles are selected here, the policy will only affect users with these roles.
Adding the Privacy & Security link to Existing login pages
For login pages created prior to the introduction of this feature (April 2016), the Privacy & Security link will not show by default. It can be added manually by updating the Standard Template located on the Login Screen Content page.
Note: Updating the Standard Template will remove any previous formatting. It is recommended that you start with the Standard Template and then customize the page to your satisfaction. If you decide not to use the Standard Template, the code below is the link to insert manually:
[s_viewpolicies.jsp?companyid=@companyid@&policylang=@lang@&isexternal=1 Privacy & Security]
Notes
- Each field includes a last modified by and modified date stamp
- Policy formats include both rich text format and URL link to a webpage containing the policy
- Additional policies can be added by clicking the + plus icon at the bottom of the Policy Details section.
Privacy logs
When a user confirms and completes the Privacy policy, a PDF version is stored against the corresponding policy under the View Log tab.
The PDF is named using the structure [userid]-[firstname]_[lastname]_policy-[policyid]-[countryid]-[langid]_V_[version].pdf
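The naming structure above can be parsed to audit who has a stored acceptance for a given policy. The following Python is an added example, not SmartSimple code: it assumes the ids and version are integers, that a higher version is newer, and that the log file names are available as a list. All function names and sample file names are constructed for illustration.

```python
import re

# Naming structure as given on the page:
#   [userid]-[firstname]_[lastname]_policy-[policyid]-[countryid]-[langid]_V_[version].pdf
# Assumptions (not stated on the page): ids and version are decimal integers,
# a higher version is newer, and only the last name may contain "_".
LOG_NAME = re.compile(
    r"^(?P<userid>\d+)-(?P<firstname>[^_]+)_(?P<lastname>.+)"
    r"_policy-(?P<policyid>\d+)-(?P<countryid>\d+)-(?P<langid>\d+)"
    r"_V_(?P<version>\d+)\.pdf$"
)
INT_FIELDS = ("userid", "policyid", "countryid", "langid", "version")

def parse_log_name(filename):
    """Return the fields of one privacy-log PDF name, or None if it does not fit."""
    match = LOG_NAME.match(filename)
    if match is None:
        return None
    fields = match.groupdict()
    for key in INT_FIELDS:
        fields[key] = int(fields[key])
    return fields

def latest_accepted(filenames):
    """Map (userid, policyid, countryid, langid) to the highest accepted version."""
    latest, rejected = {}, []
    for name in filenames:
        fields = parse_log_name(name)
        if fields is None:
            rejected.append(name)  # kept for review, not silently dropped
            continue
        key = tuple(fields[k] for k in INT_FIELDS[:4])
        latest[key] = max(latest.get(key, 0), fields["version"])
    return latest, rejected

def missing_acceptance(filenames, required_version, policy_key, userids):
    """List users with no log entry at or above required_version for a policy."""
    latest, _ = latest_accepted(filenames)
    return sorted(u for u in userids
                  if latest.get((u, *policy_key), 0) < required_version)

# Constructed sample names (not taken from a real instance).
SAMPLE = [
    "1001-Ana_Silva_policy-3-0-1_V_1.pdf",
    "1001-Ana_Silva_policy-3-0-1_V_2.pdf",
    "1002-Jean-Luc_De_La_Cruz_policy-3-0-1_V_1.pdf",
    "1003-Li_Wei_policy-3-0-1.pdf",  # version suffix missing: rejected
]
```

The regular expression anchors on the numeric tail, so hyphens in a first name or underscores in a last name do not shift the policy, country, language or version fields.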