Release 4.9.4 - 2018 May

1. What’s new?

IMIcampaign release 4.9.4 is all about GDPR (The European General Data Protection Regulation). We have made a number of enhancements in line with GDPR recommendations.
Many security and privacy related enhancements have been made behind the scenes; such as encryption of customer data – especially how we store and process Personally Identifiable Information (PII), e.g. Postal Address, Bank Account Number etc.
The subsequent sections of this Release Note show how some of the UI screens within IMIcampaign have been enhanced to make PII handling more secure and configurable.
Most new UI features being introduced in this release allow users to decide whether specific data attributes should be encrypted or not.
These security features have broadly been grouped into the 2 main modules of IMIcampaign:
a) Campaign Manager module and
b) Profile Manager module

2. Data Retention Policy

GDPR guidelines suggest that organizations should hold customer data only for a limited duration in line with what is essential for the purposes of delivering services to their customers. Accordingly, IMIcampaign will be enforcing the following data retention policy from this release onwards:

• Granular customer-level transaction data for campaigns will be kept for 90 days from the time of the campaigns. This means that ‘source deployments’ for follow-ups must be within the previous 90 days of the follow-up deployment dates.

• Reports data will be available for the duration as follows:

      o Transaction level reports: 90 days
      o Dynamic header reports: 90 days
      o Summary level reports: 18 months
  

• Data for Static Target Groups which are unused for 30 days will be deleted.

• Data for Dynamic Target Groups which are unused for 90 days will be deleted.

• Data within SFTP storage areas will be deleted after 90 days for both inbound and outbound feeds.

3. Main changes in IMIcampaign Campaign Manager module

3.1 User Role permissions to view encrypted data

A flag has been added at User Role level to provide permissions to view encrypted data. With this single flag, you can enable or disable the ability of multiple users with this Role to view encrypted data across all the screens and all the modules of IMIcampaign. This flag setting is available here: Administration >> User Management >> User Roles >> Add New Role / Edit Role.

3.2 Target Group Creation - data encryption for specific TG Headers

A new section called ‘Headers Encryption’ has been added to the ‘Target Group Creation’ screen. When you create a new Target Group, the headers from that TG will be displayed in this section. The user will then be required to enable/disable the encryption of the headers individually. For default key PII data headers like EMAIL, MSISDN and CUSTOMERID, the data encryption will be switched on by default.

3.3 Create Event screen - data encryption for specific event parameters (headers)

On the ‘Create Event’ screen, the user will need to enable/disable data encryption for each event parameter (header).

3.4 Customer Care Preview - data displayed as encrypted depending on user role

In the ‘Customer Care’ section, on the ‘Content Preview / Responses’ screen, the user will be displayed customer communications and responses in clear text or in encrypted format depending on whether the user’s role has permissions to view encrypted data or not.

3.5 Deployment Summary screen - Counts file download - data displayed as encrypted depending on user role

On the ‘Deployment Summary’ screen, after the campaign deployment is completed, the user is able to download the various subsets of the Target Group by clicking on the numbers shown under the ‘Counts’ section of the screen. With this release, the downloaded file will have data displayed in clear text or in encrypted format depending on whether the user’s role has permissions to view encrypted data or not.

3.6 WHO tab – TG file download - data displayed as encrypted depending on user role

On the ‘WHO’ tab, the user is able to download the Target Group by clicking on the number shown under the ‘Subscriber Count’ column of the screen. With this release, the downloaded file will have data displayed in clear text or in encrypted format depending on whether the user’s role has permissions to view encrypted data or not.

3.7 Test Contacts screen – data displayed as encrypted depending on user role

On the ‘Assets >> Test Contacts’ screen the user will be displayed the mobile number and email of test contacts in clear text or in encrypted format depending on whether the user’s role has permissions to view encrypted data or not.

3.8 Scheduled reports sent by email – now with password protected attachments

Scheduled reports sent by email will now have the PDF / Excel attachments password-protected with the password being made up from the mobile number and email of the user who scheduled the report. Also, the data within the PDF/Excel attachment will be in clear text or in encrypted format depending on whether the scheduling user’s role has permissions to view encrypted data.

4. Main changes in IMIcampaign Profile Manager module

4.1 Profile Definition – data encryption for specific Profile attributes

The user can enable/disable data encryption for each individual Profile attribute on the ‘Define Profile’ screen. Once enabled, the ‘Encrypted’ flag cannot be disabled.

4.2 Data Ingestion ETL Feed Mapping - data encryption for specific attributes

The user can enable/disable data encryption for each individual attribute on the ‘Data Ingestion >> Feed (ETL)’ screen. Once enabled, the ‘Encrypted’ flag cannot be disabled. This feature is applicable to the ‘Graphical View’ as well as the ‘Field Mapping’ view.

4.3 Profile Report screen - data encryption for specific attributes

The user will be displayed any encrypted profile data attributes in clear text or in encrypted format depending on whether the user’s role has permission to view encrypted data or not.