George Washington had this comment on what now might be seen as the sometimes seemingly unimportant nature of what the regulations deem as Personal Identifiable Information (PII) or Sensitive Data:
"Even minutiae should have a place in our collection, for things of a seemingly trifling nature, when enjoined with others of a more serious cast, may lead to valuable conclusion."
We are often asked, as new laws on privacy are enacted, "What Privacy Safeguards does PeopleSoft comply with?"
As uninstalled software, PeopleSoft cannot assert compliance with standards which are implementation specific since they depend on "people, processes, and technology."
However, PeopleSoft does provide a number of features which allow a customer, their hosting vendor, or Managed Service Provider (MSP), to achieve compliance.
Regarding Privacy, PeopleSoft delivers the Data Privacy Framework, with an extensive repository of recognized PII and Sensitive Data.
Page and Field Configurator (P&FC) is a significant feature of the Data Privacy Framework.
Understanding Data Privacy in PeopleBooks:
or this for PeopleSoft Human Capital Management (HCM)
Maintaining Data Privacy in PeopleSoft HCM, one of many Quest postings:
Sample navigation to privacy repository.
Data Privacy Maintenance menu:
Data Privacy record and filter selection:
Sample Data Privacy result:
This provides a way to classify your data, including custom records and fields which you have added. In this example you can see which data has been classified as PII and Sensitive.
For additional informationfor PeopleSoft Human Capital Management (HCM,) PeopleSoft Enterprise Learning Management (ELM,) and PeopleSoft Financials and Supply Chain Management (FSCM,) see the following Knowledge Documents on My Oracle Support (MOS):
For more comprehensive guidance, See:
Privacy and Security Feature Guidance for all Oracle Products (On Premise)
(Note: My Oracle Support login required)
For PeopleSoft, click on the Oracle PeopleSoft tab.
You should also be aware that whenever you consider deployment on IaaS, the customer subscribes to the "Shared Responsibility Model."
The customer continues to be responsible as they are in an On-Premises deployment, unless they have contracted with an MSP or the hosting vendor, e.g. Oracle Customer Success Services (CSS) for Run and Maintain, then the protections required are subject to the service agreements with that outside hosting vendor or MSP.
Infrastructure as a Service/Oracle Cloud Infrastructure (IaaS/OCI) security for deployed "On-Premise" applications is based on the "Shared Responsibility Model"
Privacy Acts are broadening in their reach and the penalties for PII leakage can be significant:
Be careful out there!
#PeopleTools #security #Privacy #PII
I joined PeopleSoft in 1998. In Oracle I am now with the PeopleTools Strategy team with responsibility for PeopleTools security, the security of PeopleSoft in the broader enterprise, Enterprise Manager plug-in for PeopleSoft, PeopleSoft Health Center, PeopleSoft Performance Monitor, PeopleSoft Data Archiving Manager and other bits and pieces!!