You can enable the Privacy Protection feature of the RPA Portal to announce the Privacy Policy and manage its history.
"Using the Privacy Protection Feature" explains the following topics:
Starting the Privacy Protection Feature
Enabling the Privacy Policy Agreement Feature
Setting Password Expiration Period
Starting the Privacy Protection Feature
This part explains Brity RPA’s Privacy Protection Feature.
Supported Features
Brity RPA supports the following features to protect private data:
Feature | Description |
---|---|
Keeping change history of RPA Solution users | Keeps a record of additions and edits to RPA Solution user information. Permanently deletes the history whenever an RPA solution user closes their account. |
Keeping access history of RPA solution user information | Keeps a record of access target, accessed user, and access time history whenever an RPA solution user's information is accessed. |
Terms of Agreement | Allows customization of Terms of Agreement form. Becomes available when you enable Privacy Policy Agreement feature. |
Keeping consent history of Terms of Agreement | Keeps record of consents and consent date of Terms of Agreement. Becomes available when you enable Privacy Policy Agreement feature. |
Keeping login history | Keeps record of user access history, such as access IP and tenant. |
Keeping change history of RPA group permission | Keeps a record of changes to RPA group permissions. |
Setting Password Expiration Period | Sets the monthly password expiration period. Becomes available when you enable Password Change feature. |
Discarding private data stored | Immediately discards stored private data once the processing purpose is accomplished. |
Encrypting Passwords | Uses hash values based on the salted SHA-512 algorithm. |
Data communication section security | Secures and protects the entire data communication section with TLSv1.2-supported Hypertext Transfer Protocol Secure (HTTPS) and WebSocket Secure (WSS) protocols. |
Enabling the Privacy Policy Agreement Feature
You can enable the Privacy Policy Agreement feature to notify RPA solution users of the Privacy Policy and collect their consent. To enable the Privacy Policy Agreement feature, complete the following steps:
1. Set the agreementUse property of each portal to true. The paths for the property are as follows:
    /rpa/apps/admin/admin/WEB-INF/classes/properties/comm.properties
    /rpa/apps/admin/tenant/WEB-INF/classes/properties/comm.properties
    /rpa/apps/admin/user/WEB-INF/classes/properties/comm.properties
2. Edit the Terms of Agreement at the following paths:
    /rpa/apps/admin/admin/WEB-INF/classes/agreeContent.html
    /rpa/apps/admin/admin/WEB-INF/classes/agreeContent_en.html
    /rpa/apps/admin/tenant/WEB-INF/classes/agreeContent.html
    /rpa/apps/admin/tenant/WEB-INF/classes/agreeContent_en.html
    /rpa/apps/admin/user/WEB-INF/classes/agreeContent.html
    /rpa/apps/admin/user/WEB-INF/classes/agreeContent_en.html
3. Restart the web application server.
The Privacy Policy Agreement feature has been enabled. Once it is enabled, the following features are activated:
Collecting consent when a new RPA Solution user signs up
No. | Description |
---|---|
1 | Displays the version of the privacy policy that is currently shown. The most recent version is displayed as "latest"; any other version is displayed with its registered version. |
2 | Click the arrow keys to view the previous privacy policy. |
Viewing the Privacy Policy at the bottom of the login screen
Allowing users to view the Privacy Policy on the Portal personal information panel
If the administrator registers the user directly, the registered user's consent to collect personal information must be obtained.
Setting Password Expiration Period
You can enable the Password Expiration Period feature to require RPA solution users to change their password at a set interval. To enable the Password Expiration Period feature, complete the following steps:
Go to Tenant Portal's Configuration mgmt. menu and select the Management policy category.
Click the User Password Change Cycle entry and enter a number as its value. (Unit: 1) Enter 0 if you do not want to set it.
In the Change User Password popup, activate the Allow User Password Postponement value to allow the user to postpone changing the password to the next cycle.
The password expiration period has been set. Every time the set period passes from the last date of password change, the "change password" pop-up window will be displayed on the next login. Change the current password and click Save.
Administrators Protecting Personal Information
Administrators are required to conduct administrator activities to protect personal information according to the region of use. Manager activities for major cases are listed below.
When a user requests an account restriction
(1) The administrator must change the user's status to dormant and keep the processing history separately.
(2) Upon receipt of a request for removal of restrictions, the administrator shall verify the identity of the information subject and process the request.
When a user requests a transfer of personal information
(1) When a request for portability of personal information is received, it is necessary to verify the identity of the data subject and confirm that it is processed.
(2) Confirm that the processing of the transfer of personal information is completed within <> month
※ However, if necessary, it can be extended for 2 months after notifying the information subject of the reason for the delay and extending the period within one month of receipt.
(3) Ensure that movement data is provided in a systematic, commonly available, and machine-readable form. [Example] CSV, Excel files, etc.
(4) It is necessary to ensure that appropriate security is applied when transferring personal information. [Example] Additional authentication, encryption
(5) Personal information processing details must be kept separately.
When a user requests deletion of personal information
(1) Make sure that the personal information stored in the backup system is not deleted immediately, but that it can be deleted in the event of a restore in the future.
When a user requests access to personal information
(1) The administrator shall extract the personal information of the requested user and deliver it in an electronic document (Excel, etc.) for easy understanding.
(2) It is necessary to ensure that appropriate security is applied when delivering personal information. [Example] Additional authentication, encryption
(3) The personal information to be delivered must include mandatory items.
When a user requests a review of automated decision-making
(1) If a request is received, the identity of the information subject must be confirmed and processed.
(2) It is necessary to confirm that the personal information processing history is kept (DB or document).
(3) We recommend that the request be processed within <> days from the date of receipt of the request.
Storing User's Password Algorithm
The Brity RPA solution uses BCrypt as a one-way algorithm for storing user passwords, and provides a guide to change the algorithm to SHA512 as required. Use the following procedure to change the algorithm to SHA512.
Procedure for changing password algorithm BCrypt -> SHA512
1. Register the bean for each portal and set the authenticationProvider's passwordEncoder to rpaSha512PasswordEncoder.

    ... (Bottom area)
    <!-- v2.5.1 Login Provider -->
    <!-- (additional) 1. rpaSha512PasswordEncoder Bean Registration -->
    <bean id="rpaSha512PasswordEncoder" class="com.sds.rpa.portal.common.security.enc.RpaSHA512PasswordEncoder" />
    <!-- (change) 2. Change the authenticationProvider's passwordEncoder from bcryptPasswordEncoder to rpaSha512PasswordEncoder -->
    <bean id="authenticationProvider" class="com.sds.rpa.portal.common.security.auth.FaroDaoAuthenticationProvider">
        <property name="userDetailsService" ref="UserDetailService" />
        <property name="passwordEncoder" ref="rpaSha512PasswordEncoder" />
    </bean>

The location of the file that needs to be set is as follows:
    /rpa/apps/admin/admin/WEB-INF/classes/config/applicationContext-security.xml
    /rpa/apps/admin/tenant/WEB-INF/classes/config/applicationContext-security.xml
    /rpa/apps/admin/user/WEB-INF/classes/config/applicationContext-security.xml
2. Set user.password.encodetype=SHA512DIGEST in the common property.
The location of the file that needs to be set is as follows:
/rpa/properties/application.properties
3. Restart the Web Application Server.
4. Restart the Tenant (Catalog) Server.
The user password algorithm is applied based on SHA512.
Set up password migration
The previously stored password is migrated when logging in to the Admin/User Portal and Designer Login, and is not migrated in the case of the Tenant Portal. Follow these steps to set up password migration.
1. Set user.password.migration=Y in the properties of each portal.
The location of the file that needs to be set is as follows:
    /rpa/apps/admin/admin/WEB-INF/classes/properties/comm.properties
    /rpa/apps/admin/tenant/WEB-INF/classes/properties/comm.properties
    /rpa/apps/admin/user/WEB-INF/classes/properties/comm.properties
2. Set user.password.migration=Y in the common property.
The location of the file that needs to be set is as follows:
/rpa/properties/application.properties
3. Restart the Web Application Server.
4. Restart the Tenant (Catalog) Server.
When logging in, the password stored by the existing algorithm is migrated.
Migration from BCrypt to SHA512 is performed according to the change in the user password algorithm. Even if the settings are restored, password migration from SHA512 back to BCrypt is not applied.
Please perform the password search function on the login screen to reset the password.
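A consistency check for the two procedures above (switching to SHA512 and enabling migration), given here as an added example that is not part of the Brity RPA documentation or product code. It reads the files listed on this page under an install root (assumed to be /rpa, as in the paths above) and reports every file whose encoder wiring or migration flag differs from what the steps require; the function names and the simplified key=value parsing are assumptions of this example.

```python
import sys
import xml.etree.ElementTree as ET
from pathlib import Path

PORTALS = ("admin", "tenant", "user")  # portal directories taken from the paths on this page

def prop_value(path, key):
    """Value of key in a Java .properties file (simple key=value lines), or None."""
    found = None
    for line in Path(path).read_text(encoding="utf-8").splitlines():
        name, sep, value = line.strip().partition("=")
        if sep and name[:1] not in ("#", "!") and name.strip() == key:
            found = value.strip()  # like java.util.Properties, the last entry wins
    return found

def provider_ref(path, name):
    """ref of property `name` on the authenticationProvider bean, or None if absent.
    A ref that names a bean not registered in the same file is flagged in the result."""
    def local(el): return el.tag.rsplit("}", 1)[-1]  # tag name without XML namespace
    beans = {el.get("id"): el for el in ET.parse(path).iter() if local(el) == "bean"}
    for prop in beans.get("authenticationProvider", ()):
        if local(prop) == "property" and prop.get("name") == name:
            ref = prop.get("ref")
            return ref if ref in beans else f"{ref} (bean not registered)"
    return None

def audit(root="/rpa", encoder="rpaSha512PasswordEncoder", encodetype="SHA512DIGEST"):
    """Return findings for the BCrypt -> SHA512 switch; an empty list means consistent."""
    root, findings = Path(root), []
    def check(path, key, want, read=prop_value):
        try:
            got = read(path, key)
        except (OSError, ET.ParseError) as exc:
            got = f"unreadable ({type(exc).__name__})"
        if got != want:
            findings.append(f"{path.relative_to(root)}: {key} is {got!r}, expected {want!r}")
    common = root / "properties/application.properties"
    check(common, "user.password.encodetype", encodetype)
    check(common, "user.password.migration", "Y")
    for portal in PORTALS:
        classes = root / "apps/admin" / portal / "WEB-INF/classes"
        check(classes / "properties/comm.properties", "user.password.migration", "Y")
        check(classes / "config/applicationContext-security.xml", "passwordEncoder", encoder, provider_ref)
    return findings

if __name__ == "__main__":
    problems = audit(sys.argv[1] if len(sys.argv) > 1 else "/rpa")
    print("\n".join(problems) or "password settings are consistent across portals")
    sys.exit(1 if problems else 0)
```

Because XML comments are dropped by the parser, a bean registration that is still commented out is reported as not registered. Run it before restarting the web application server and the Tenant (Catalog) server.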
Using Personal Information
If the administrator needs to obtain consent to the use of personal information again from users due to a change in the privacy policy, the administrator provides users with the ability to re-consent to the use of personal information.
Change a user's status to obtain consent for personal information
To obtain re-consent to the use of personal information, you must run the following query.
If only certain users require re-consent of their personal information, they can be filtered by the WHERE condition of the UPDATE statement.
    INSERT INTO catalog.tb_fr_user_additional_info (USER_ID, CREATE_USR_ID, UPDATE_USR_ID)
    SELECT USER_ID, 'admin', 'admin'
    FROM catalog.tb_fr_user_info
    WHERE USER_ID NOT IN (SELECT USER_ID FROM catalog.tb_fr_user_additional_info);

    UPDATE catalog.tb_fr_user_additional_info
    SET AGREE_PERSONAL_STAT='PPS_0002'
    -- [WHERE clause...]
    ;