Skip Navigation
Expand
Data Privacy Frequently Asked Questions
Answer ID 9433   |   Last Review Date 01/15/2020

What data privacy features should I know about in Service Cloud?

Environment:

Oracle Service Cloud, All pods

Issue:

The use of the internet has created various ways for our personal data to be sent, received, processed and collected. Recent data breaches have many worried about identity theft and data privacy.  Subsequently, authoritative bodies are feeling the pressure to define regulations that identify what and how data should be protected and processed.

Resolution:

Disclaimer: The information on this page may not be construed or used as legal advice about the content, interpretation or application of any law, regulation or regulatory guideline.  Customers and prospective customers must seek their own legal counsel to understand the applicability of any law or regulation on their processing of personal data, including through the use of any vendor’s products or services.

From an Oracle Service Cloud perspective, a one-size-fits-all solution is not practical based on the various ways our customers use our product.  Instead, we have a Feature Guidance document that focuses on privacy and security related controls to protect personal data.  This document is available HERE.

Additionally, we have compiled the following responses to frequently asked questions.

  • Is Oracle Service Cloud "GDPR Compliant"?
    • There is no official certification process for the General Data Protection Regulation (GDPR). How a customer manages the personal data they collect is their responsibility. Oracle offers a white paper to help organizations understand how Oracle Cloud Applications can be utilized to help them comply with certain EU General Data Protection Regulation requirements.
    • GDPR endorses the use of approved codes of conduct and certification mechanisms to demonstrate that you comply.  Signing up to a code of conduct or certification scheme is not obligatory. Nevertheless, having an approved code of conduct or certification scheme that covers your processing activity is a way of demonstrating that you comply. 
    • Oracle has obtained EU/EEA-wide authorization from the European data protection authorities for its Binding Corporate Rules for Processors (BCR-p); also known as Privacy Code for Processing Personal Information of Customer Individuals or “Processor Code”.  The document can be found with the Data Processing Agreement at:  Cloud Services Contracts.
  • Is Oracle Service Cloud "CCPA Compliant"?
    • Similar to GDPR, the California Consumer Protection Act (CCPA) does not have an official certification process.  The customer has obligations to California citizens and needs to determine whether it can meet those while using any Oracle SaaS product.
    • The “CCPA 8 Rights” closely align with the Privacy Controls described in the Feature Guidance documents and can be used to assist in building your solution with Service Cloud.

  • Who is the Data Privacy Officer (DPO) for Oracle?
    • Found on Services Privacy Policy webpage, mailing address:
                Oracle Corporation
                Global Data Protection Officer
                Willis Tower
                233 South Wacker Drive
                45th Floor
                Chicago, IL 60606
                USA
           Or for inside the EU/EEA, written inquiries may be addressed to:
                Robert Niedermeier
                Hauptstrafze 4
                D-85579 Neubiberg /Munchen
                Germany
                Email: mail@legislator.de
    • Contact the Data Protection Officer though Oracle's inquiry form.

  • Where and how is personal data stored?
    • Europe institutions purchasing Oracle Service Cloud will be provisioned in EEA datacenters. Backup copies of the data will remain within the chosen region, stored in the secondary datacenter. Support and Operations access may occur globally.
    • All data stored for use with Oracle Service Cloud is encrypted at rest.

  • What are the cascading effects when deleting contacts?
    • When deleting a single contact through the user interface, several other objects are affected immediately.
      • If the contact is the only contact on any incident, the incidents are also deleted.
      • If there is more than one contact on the incident, the reference to the contact being deleted will be removed from the incident(s) and any related threads/messages.  Next time any incident is viewed/updated that had a primary contact reference removed, it will require a new primary contact to be added before saving.
      • The following objects will also be deleted when a contact is deleted:  contact sessions, notes (not incident threads/messages), OpenID accounts, and anything directly attached to the contact record (e.g., files).
      • The reference to the specific contact being deleted will be removed from: archived incidents (table not the stored xml file), assets, chats, clickstream details, purchased products, question/survey sessions, visitor events, and agent transactions that affected the contact record.
    • When using the Bulk Delete API to delete more than one contact at a time, only the contact records are synchronously deleted. All other changes noted below happen asynchronously.
      • Incidents are not deleted.  Instead, the reference to the contact being deleted will be removed from the incident(s) and any related threads/messages. Next time any incident is viewed/updated that had a primary contact reference removed, it will require a new primary contact to be added before saving.
      • The following objects will also be deleted when a contact is deleted:  contact sessions, notes (not incident threads/messages), OpenID accounts, and anything directly attached to the contact record (e.g., files).
      • The reference to the specific contact being deleted will be removed from: archived incidents (table not the stored xml file), assets, chats, clickstream details, purchased products, question/survey sessions, visitor events, and agent transactions that affected the contact record.

  • How can I remove outdated contact data and still retain incidents and related statistics?
    • Determine how to best identify the contacts that are considered old for your company.  You can create a report or use APIs.
    • One option: Anonymize the data in contact records; therefore retaining the contact record but no original data.  For example, change the name from {First, Last} to {Anonymous}.
    • Another option: Create a 'generic' contact, replace all outdated contacts on associated Incidents with this 'generic' contact, then bulk delete outdated contact records.

  • Can I remove data from within incident threads?
    • As of the 18C release of Oracle Service Cloud, incident threads can be redacted by a person with the proper profile.  See documentation under "Edit or Convert a Response Thread" for more information.

  • What is the purpose for storing End user's/Contact's IP Addresses in Service Cloud?
    • These IP addresses are collected as part of session management.  Session management is crucial to product architecture and session accounting.
    • Transaction records may be related to sessions and contacts for auditing and diagnostic purposes. Transaction records remain, but are disassociated from contact identity when the contact is removed.
    • Chat sessions are captured separately from product usage sessions.  These too are removed upon a contact deletion.  Details on setting the purge configurations for Chat can be found in Answer 2579: Oracle RightNow Chat Cloud Service Data Purge.

    • IP address fields exist as follows:
       Table  Purge Configuration  Table Purpose
       chats  CHAT_PURGE_DAYS  Contact chat session details
       contact_sessions  60 days by default. Request changes through Technical Support  Contact login/logout session details
       cs_session_summary   PURGE_CS_SESSION_SUMMARY   Session billing information
       papi_meters  Not applicable  Public API activity details and billing; original record is deleted automatically when data is aggregated at 14 days old


  • What are my options when it comes to protecting Chat data?
    • When it comes to data protection within the chat solution, several options currently exist:
      • Off the Record: This feature can help prevent the collection of personal data in chat records. 
      • Live Help Page: Modify the Live Help Page so the end-user is not required to provide a First Name, Last Name or other personally identifiable information. Configuration details for the Live Help Page can be found in Answer 5168: Documentation for Oracle Service Cloud Products within the Online Help User Guide for your CX version.
      • Anonymous Chats: Allow end-users to chat with your company anonymously. Configuration details for the ChatServerConnect widget can be found in Answer 5168: Documentation for Oracle Service Cloud Products within the Online Help User Guide for your CX version.
      • Delete a Contact: Remove an end-user’s personal data from the system by deleting the contact record. More information on data privacy can be found within this answer, under the topic “What are the cascading effects when deleting contacts?”
      • Chat Data Purge Settings: Remove chat data from the system by adjusting chat purge configuration settings to match your company's needs. Details on Chat Data Purge settings can be found in Answer 2579: Oracle RightNow Chat Cloud Service Data Purge.

  • What cookies are used with Service Cloud?
  • What risk do I run using the deprecated Customer Portal version 2.0?
    • While the "End of Life" for Customer Portal version 2.0 has not been announced, it is a deprecated feature.  Being deprecated means no new functionality will be back-ported, nor are any fixes provided.

      To capture views of contact data from your Customer Portal into the audit table after turning Contact Read Logging on, you need to be using Customer Portal version 3.3 or later.  More information about Contact Read Logging can be found in Answer 5421: What is Read Logging? .

  • Which privacy and security control documents include the different features/components of Service Cloud?
              
    Features and Document Links
     Feature  Document Link
     Agent Desktop Cloud Service
     (includes Web Customer Service & Cross Channel Contact Center) 
     Service Cloud Privacy & Security Feature Guidance 
     Chat
     Experience Routing
     Foundation Knowledgebase
     Advanced Agent Knowledgebase
     Cobrowse  Cobrowse Privacy & Security Feature Guidance
     Oracle Intelligent Advisor  Intelligent Advisor Privacy & Security Feature Guidance
     Oracle Virtual Assistant   OVA Privacy & Security Feature Guidance

Available Languages for this Answer:

Notify Me
The page will refresh upon submission. Any pending input will be lost.