The Nuxeo Platform offers all the necessary capabilities to build an application that ensures the maximum level of compliance with user privacy and security regulations.
The European General Data Protection Regulation (GDPR) was the first one to go into action in 2019, redefining the entire landscape of how online user data is to be handled. New sets of regulations, like the California Consumer Privacy Act (CCPA), are going live: even if they apply to different regions, the main principles remain the same.
Concept
The Nuxeo Platform, by itself, cannot ensure GDPR or CCPA compliance, as these regulations are not about certifying any technical solution; they are about ensuring that the management of personally identifiable information (PII) satisfies individual rights requirements, such as the right to access, the right to erasure, portability, etc.
Indeed, the main concerns are the way personal data is used and stored, the ability to quickly respond to Subject Access Requests, the security controls in place to protect personal data integrity and confidentiality, etc.
Managing Data Privacy Requirements with Nuxeo
Right to Data Portability
Individuals are free to either store the data for personal use or to transmit it to another data controller. The data must be received “in a structured, commonly used and machine-readable format.”
The Nuxeo Platform offers several features that allow you to export documents natively. The export component should be chosen depending on your requirements.
Export Components | Implementation | Needs Configuration | Adapted for Folder Structure Export | Document Type and Property Value Export |
---|---|---|---|---|
ZIP XML Export | Native | No | Yes | No |
Template Rendering | Addon | Yes | Yes | Yes |
PDF Concatenation | Studio feature | Yes | No | No |
Nuxeo Drive | Addon | No | Yes | No |
Nuxeo FS Exporter | Addon | No | Yes | No |
Right of Access
Individuals should obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data.
Thanks to the Nuxeo Audit Service and the Nuxeo Query Language (or NXQL), it is possible to identify:
- All the actions (download, search, edit, etc.) that were executed on a document
- The exact date of an action
- The version of the document in which an action was executed
The audit entries can be read from a document context or from the Nuxeo Web UI Administration menu. New events can be created from Nuxeo Studio and therefore be tracked in the platform.
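As an added example that is not part of the original page or of Nuxeo's own code, the script below shows how the two building blocks named above (NXQL and the audit service) can be combined to answer a Subject Access Request for one username. It assumes the documented Nuxeo REST endpoints `GET /nuxeo/api/v1/search/lang/NXQL/execute?query=...` and `GET /nuxeo/api/v1/id/{docId}/@audit`, a server at `http://localhost:8080/nuxeo` (assumption), and the audit entry field names `eventId`, `eventDate`, `principalName`, `category`, `comment`, `docUUID` and `docLifeCycle` as returned by the `@audit` adapter; the sample audit response embedded in it is constructed so the script runs offline. Because the requester-supplied username ends up inside an NXQL string literal, the script only accepts a conservative character set, which rules out NXQL injection through the request input.

```python
"""Subject Access Request helper for a Nuxeo repository (added example,
not Nuxeo's own code). Assumes the documented REST endpoints
GET /nuxeo/api/v1/search/lang/NXQL/execute?query=... and
GET /nuxeo/api/v1/id/{docId}/@audit, and the @audit field names used in
audit_rows() below.
"""
import base64
import json
import re
import urllib.parse
import urllib.request

BASE_URL = "http://localhost:8080/nuxeo"  # assumption: a local Nuxeo server

# Usernames are interpolated into NXQL string literals, so only accept a
# conservative character set: no quotes, backslashes or whitespace, which
# rules out NXQL injection through the request input.
USERNAME_RE = re.compile(r"[A-Za-z0-9._@-]{1,256}")


def validate_username(username):
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("refusing to build a query for username %r" % username)
    return username


def documents_mentioning_user_query(username):
    """NXQL selecting live documents whose Dublin Core creator/contributor
    properties (the default username-bearing properties) name the user."""
    u = validate_username(username)
    return (
        "SELECT * FROM Document WHERE "
        "(dc:creator = '%s' OR dc:contributors = '%s' OR dc:lastContributor = '%s') "
        "AND ecm:isVersion = 0 AND ecm:isTrashed = 0" % (u, u, u)
    )


def search_url(nxql, page_size=50, page_index=0):
    """URL of the NXQL search endpoint; pageSize/currentPageIndex page it."""
    params = urllib.parse.urlencode(
        {"query": nxql, "pageSize": page_size, "currentPageIndex": page_index}
    )
    return "%s/api/v1/search/lang/NXQL/execute?%s" % (BASE_URL, params)


def audit_url(doc_id):
    """URL of the @audit adapter for one document id."""
    return "%s/api/v1/id/%s/@audit" % (BASE_URL, urllib.parse.quote(doc_id, safe=""))


def audit_rows(audit_json, username=None):
    """Flatten @audit entries into the facts the audit lets you identify:
    the action, when it happened, who did it, on which document and in
    which life-cycle state. Optionally keep only actions by `username`."""
    rows = []
    for e in audit_json.get("entries", []):
        if username is not None and e.get("principalName") != username:
            continue
        rows.append({
            "action": e.get("eventId"),
            "date": e.get("eventDate"),
            "user": e.get("principalName"),
            "document": e.get("docUUID"),
            "state": e.get("docLifeCycle"),
            "category": e.get("category"),
            "comment": e.get("comment"),
        })
    rows.sort(key=lambda r: r["date"] or "")
    return rows


def action_counts(rows):
    """How many times each action type appears (a quick SAR summary line)."""
    counts = {}
    for r in rows:
        counts[r["action"]] = counts.get(r["action"], 0) + 1
    return counts


def fetch_json(url, user, password):
    """GET a REST resource with HTTP Basic auth (network call, not run offline)."""
    token = base64.b64encode(("%s:%s" % (user, password)).encode()).decode()
    req = urllib.request.Request(url, headers={"Authorization": "Basic " + token})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


# Constructed sample shaped like an @audit response, so the script runs offline.
SAMPLE_AUDIT = {
    "entity-type": "logEntries",
    "entries": [
        {"entity-type": "logEntry", "eventId": "documentModified",
         "eventDate": "2023-03-02T14:05:00.000Z", "principalName": "jdoe",
         "category": "eventDocumentCategory", "comment": None,
         "docUUID": "11111111-aaaa-4bbb-8ccc-000000000001", "docLifeCycle": "project"},
        {"entity-type": "logEntry", "eventId": "download",
         "eventDate": "2023-03-03T08:30:00.000Z", "principalName": "asmith",
         "category": "Download", "comment": "file:content",
         "docUUID": "11111111-aaaa-4bbb-8ccc-000000000001", "docLifeCycle": "project"},
        {"entity-type": "logEntry", "eventId": "documentCreated",
         "eventDate": "2023-03-01T09:15:00.000Z", "principalName": "jdoe",
         "category": "eventDocumentCategory", "comment": None,
         "docUUID": "11111111-aaaa-4bbb-8ccc-000000000001", "docLifeCycle": "project"},
    ],
}

if __name__ == "__main__":
    print(search_url(documents_mentioning_user_query("jdoe")))
    for row in audit_rows(SAMPLE_AUDIT, "jdoe"):
        print(row["date"], row["action"], row["document"], row["state"])
    print(action_counts(audit_rows(SAMPLE_AUDIT)))
```

Against a live server you would run the NXQL query through `fetch_json(search_url(...), user, password)`, then call `fetch_json(audit_url(doc_id), ...)` for each returned `uid` and feed the result to `audit_rows`. The search is paged, so loop over `currentPageIndex` until the response reports no further page; a SAR that silently stops at the first page of results is incomplete.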
Right to Rectification
Individuals should have the right to obtain without undue delay the rectification of inaccurate personal data concerning him or her.
Nuxeo allows you to bulk edit any document property by either building a custom form and operation with Nuxeo Studio or by creating your custom component based on Nuxeo Stream for huge volumes.
Right to Erasure / Right to be Forgotten
Individuals should have the right to obtain the erasure of personal data concerning him or her without undue delay, and the controller should have the obligation to erase personal data without undue delay.
With the proper permissions, it is possible to delete a single document or several documents at once (from a folder view or a query). The deletion can also be triggered from any other Nuxeo interface, such as the REST API, CMIS or any Nuxeo SDK client.
As described in the Trash Service page, documents are first moved to the trash before being permanently deleted. The Nuxeo Platform then removes the personal information references from the binary storage as well as from the database.
When personally identifying information needs to be removed without deleting the whole document, content redaction using Nuxeo Enhanced Viewer can also be considered as an option.
Right to Object
Individuals should have the right to object at any time to processing of personal data concerning him or her, including profiling based on those provisions.
You can create specific document properties to identify whether a document being used for a particular processing activity is following the best practice for this type of workflow. In addition to triggering automatic processes with listeners and scheduled jobs, you can alternatively use custom security policies to instantly restrict a specific user or group from accessing a document.
Privacy by Design
The term "Privacy by Design" refers to data protection through technology design, in other words: applying privacy by design principles to applications, services and products when designing, developing, and testing them.
Privacy by design concepts, applied to a Nuxeo-based application, require an understanding of the capabilities offered by the Nuxeo Platform. The following sections are particularly relevant:
- Best practices and recommendations on Nuxeo security.
- Nuxeo data model: in particular, document types and schemas concepts.
- How the Nuxeo repository security is built
Default Storage Entities for Personal Information in Nuxeo Platform
The Nuxeo Platform is likely to contain personal information. This section details the default locations where personal information may be found.
Depending on your implementation, this list has to be reviewed and completed (for instance if you add personal information to your document types inside custom properties, add new audit entries, or store files containing personal information).
This personal information is necessary to ensure the effective functioning of Nuxeo Platform.
Nuxeo Entities
Personal information is first stored in the user profile:
- Username (mandatory)
- Firstname
- Lastname
- Email (mandatory)
- Company
- Groups
When manipulating documents, the dc:creator, dc:contributors and dc:lastContributor properties contain usernames.
The default audit events are triggered and contain:
- Performed action
- Date
- Username
- Category
- Comment
- State
The default email notifications (when a user subscribes to a document, or when a user is involved in a workflow instance) can contain:
- Username
- Firstname
- Lastname
- Audit entries
Nuxeo Infrastructure Components
The following Nuxeo infrastructure elements, in charge of data persistence, are likely to store personal information:
- The blob storage
- The database (as it contains all document properties, the user registry, etc.)
- Elasticsearch (which indexes information extracted from the database and performs additional operations such as full-text extraction)
- The Nuxeo logs
Then, depending on your implementation, personal information might be found:
- In Redis or Kafka for asynchronous jobs
- Any monitoring tools (which can possibly store IP addresses, for example)
- Specific Nuxeo addons, if you are using them (Nuxeo Drive, which stores personal information on the local drive, or Nuxeo Easyshare, which stores the IP address of users downloading documents)
Cookie Management
Nuxeo JSF UI uses a set of cookies which are used exclusively to manage authentication and redirections:
- JSESSIONID: session ID for the web application, used to keep the authentication alive
- org.jboss.seam.core.TimeZone
- org.jboss.seam.core.Locale
- nuxeo.start.url.fragment
Nuxeo Web UI uses a subset of the JSF set of cookies.