The security of personal data (PD) is an extremely important issue in today's information society. Personal data includes any information that relates to a specific person, such as name, address, telephone number, email address, and much more. The collection, processing, and storage of this data comes with a number of rules and obligations to ensure its security and confidentiality.
The VIEWAPP digital inspection platform is constantly improving its functionality, and this time the changes specifically strengthen the security of personal data.
The new system enhancements limit, as far as possible, the leakage of personal data to users of the system. Every VIEWAPP user is assigned a specific role under the system's role model, so it is important to define how these roles interact with each other in terms of access to personal data.
The business logic behind the enhancements is as follows:
Creating and managing inspections requires the interaction of many participants while preserving user privacy. Accordingly:
1. The immediate participants of the inspection - those with whom the inspection was shared - should see each other's information.
2. The creator of the inspection is considered a direct participant if he/she has a role lower than "Expert". When the role is "Expert" or above, the creator is considered to be performing some sort of mass function: this is not a one-off inspection but a day-to-day job, so the creator is not a direct participant.
3. The "Expert" who checks the inspection should not be visible, so that customers cannot see the personal data of the person who checks the inspection, even if they go to the web interface.
4. "Experts" also do not see each other, as practice has shown that this is not necessary.
5. The "Expert" nevertheless needs to see the data of those directly involved in the inspection. This sometimes determines the inspection process as such.
6. The role of "Inspection Operator" is similar to the role of "Expert", but experts can see the operator, while the operator sees no one beyond the direct participants.
7. The approver sees the implementers, experts and other approvers. This is necessary for clearer decision making.
8. Group Admins and Admins see everyone because they already have access to user profiles.
Personal data is hidden with asterisks, as in other cases: we use the same masking functions as for full name, phone number and email.
Data is hidden on the entire examination page:
· in the examination header,
· in the share list,
· in the examination history,
· in the information under the steps (who made the decision).
Additionally, personal data are hidden in the lists of examinations, including "My inspections", and on the "Multiple inspections" page (there are lists and a spread).
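The eight visibility rules and the asterisk masking above can be expressed as a single default-deny check. The sketch below is an added example, not VIEWAPP's code. Its assumptions: the role labels, the treatment of "implementers" as the direct participants, a user always seeing their own data, and the mask format (first character kept).

```python
from dataclasses import dataclass

# Assumed role labels; the page names the roles but gives no identifiers or API.
BELOW_EXPERT, OPERATOR, EXPERT, APPROVER, GROUP_ADMIN, ADMIN = (
    "implementer", "operator", "expert", "approver", "group_admin", "admin")

@dataclass(frozen=True)
class User:
    name: str
    role: str

@dataclass(frozen=True)
class Inspection:
    creator: User
    shared_with: frozenset  # users the inspection was shared with

def is_direct(user, insp):
    # Rule 1: everyone the inspection was shared with is a direct participant.
    # Rule 2: the creator counts only with a role below "Expert".
    return user in insp.shared_with or (
        user == insp.creator and user.role == BELOW_EXPERT)

def can_see_pd(viewer, subject, insp):
    # Rule 8: admins see everyone. Own data is always visible (assumption).
    if viewer == subject or viewer.role in (ADMIN, GROUP_ADMIN):
        return True
    # Hidden roles are checked first, so a reviewer is never exposed
    # just because they also appear in the share list.
    if subject.role == OPERATOR:
        return viewer.role == EXPERT            # rule 6
    if subject.role in (EXPERT, APPROVER):
        return viewer.role == APPROVER          # rules 3, 4 and 7
    if is_direct(subject, insp):                # rules 1, 5, 6 and 7
        return is_direct(viewer, insp) or viewer.role in (
            EXPERT, OPERATOR, APPROVER)
    return False                                # anything unstated: deny

def mask(value):
    # Constructed format: keep the first character, asterisk the rest.
    return value[:1] + "*" * (len(value) - 1)

def display_name(viewer, subject, insp):
    # Apply the same decision everywhere a name is rendered
    # (header, share list, history, step decisions, list pages).
    return subject.name if can_see_pd(viewer, subject, insp) else mask(subject.name)
```

Routing every rendering location through one function such as `display_name` keeps the header, share list, history and list pages from drifting apart in what they reveal.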