PeopleSoft privacy in your hands!

November 27, 2023 | 3 minute read
Greg Kelly
Product Strategy Director - Security
Text Size 100%:

George Washington had this comment on what now might be seen as the sometimes seemingly unimportant nature of what the regulations deem as Personal Identifiable Information (PII) or Sensitive Data:
 "Even minutiae should have a place in our collection, for things of a seemingly trifling nature, when enjoined with others of a more serious cast, may lead to valuable conclusion."

We are often asked, as new laws on privacy are enacted, "What Privacy Safeguards does PeopleSoft comply with?"

As uninstalled software, PeopleSoft cannot assert compliance with standards which are implementation specific since they depend on "people, processes, and technology."

However, PeopleSoft does provide a number of features which allow a customer, their hosting vendor, or Managed Service Provider (MSP), to achieve compliance.

Regarding Privacy, PeopleSoft delivers the Data Privacy Framework, with an extensive repository of recognized PII and Sensitive Data.
Page and Field Configurator (P&FC) is a significant feature of the Data Privacy Framework.

See:
Understanding Data Privacy in PeopleBooks:
https://docs.oracle.com/cd/F85027_01/hcm92pbr47/eng/hcm/ecch/UnderstandingDataPrivacy.html

or this for PeopleSoft Human Capital Management (HCM)

Maintaining Data Privacy in PeopleSoft HCM, one of many Quest postings:
https://questoraclecommunity.org/learn/blogs/maintaining-data-privacy-in-psft-hcm/

Sample navigation to privacy repository.
Data Privacy Maintenance menu:

Data Privacy Maintenance menu

Data Privacy record and filter selection:

Data Privacy Maintenance filter

Sample Data Privacy result:

Data Privacy Maintenance result (example)

This provides a way to classify your data, including custom records and fields which you have added. In this example you can see which data has been classified as PII and Sensitive.


For additional informationfor PeopleSoft Human Capital Management (HCM,) PeopleSoft Enterprise Learning Management (ELM,) and PeopleSoft Financials and Supply Chain Management (FSCM,) see the following Knowledge Documents on My Oracle Support (MOS):

  • PeopleSoft HCM 9.2 - Personally Identifiable and Sensitive Data (Doc ID 2313438.1)  
  • PeopleSoft HCM 9.2 - Implementing Sensitive Data Masking (Doc ID 2375376.1)
  • PeopleSoft HCM Acknowledgement Framework Red Paper (Doc ID 2377140.1)
  • PeopleSoft ELM 9.2 - Personally Identifiable and Sensitive Data (Doc ID 2415109.1)
  • PeopleSoft FSCM 9.2 - Personally Identifiable and Sensitive Data (For HCM sourced data in FSCM (Doc ID 2415089.1)

For more comprehensive guidance, See:
Privacy and Security Feature Guidance for all Oracle Products (On Premise) 
https://support.oracle.com/epmos/faces/DocumentDisplay?id=113.2
(Note: My Oracle Support login required)
For PeopleSoft, click on the Oracle PeopleSoft tab.


You should also be aware that whenever you consider deployment on IaaS, the customer subscribes to the "Shared Responsibility Model."

The customer continues to be responsible as they are in an On-Premises deployment, unless they have contracted with an MSP or the hosting vendor, e.g. Oracle Customer Success Services (CSS) for Run and Maintain, then the protections required are subject to the service agreements with that outside hosting vendor or MSP.

Infrastructure as a Service/Oracle Cloud Infrastructure (IaaS/OCI) security for deployed "On-Premise" applications is based on the "Shared Responsibility Model"
here,
      https://docs.oracle.com/en-us/iaas/Content/Security/Concepts/security_overview.htm
and
     https://docs.public.oneportal.content.oci.oraclecloud.com/en-us/iaas/Content/cloud-adoption-framework/security-strategy.htm

Privacy Acts are broadening in their reach and the penalties for PII leakage can be significant:

 Be careful out there!

 

#PeopleTools #security #Privacy #PII
 

Greg Kelly

Product Strategy Director - Security

I joined PeopleSoft in 1998. In Oracle I am now with the PeopleTools Strategy team with responsibility for PeopleTools security, the security of PeopleSoft in the broader enterprise, Enterprise Manager plug-in for PeopleSoft, PeopleSoft Health Center, PeopleSoft Performance Monitor, PeopleSoft Data Archiving Manager and other bits and pieces!!


Previous Post

Getting the most from your PeopleSoft System - PeopleSoft NOW! Episode 4.2

Vaseem Khan | 2 min read

Next Post


Legislative Update for PeopleSoft Human Resources – EEO4 Reporting

Julie Alonso | 1 min read