Data Privacy Controls

Controlling CTR Data sent to Operata

Contact Trace Records (CTR) collected by the Operata Conductor Lambda Function can contain highly sensitive data or personally identifiable information (PII). In some circumstances, it may be required to redact certain sensitive data before it is sent to Operata.

This is achieved by way of a content-control configuration file hosted in the customer environment (i.e. S3). The URL of this file needs to be included as a parameter when you are installing or updating Conductor via CloudFormation.

S3 Bucket Policy & Attachment to Lambda Execution Role

Installation

  1. Download the example_Control_CTR_Content.txt document

  2. Make the necessary redactions by uncommenting the fields. NB: Each field that needs to be redacted must be defined as a dot notation path. More information on this can be found here: https://github.com/tidwall/gjson#path-syntax

  3. Rename and host this file in an S3 bucket with a bucket policy that allows only the Operata Lambda Function to access it.

❗️

Important Step

You must ensure the Operata Cloud Collector Lambda Execution Role is updated to allow s3:GetObject on your newly created bucket. An example policy is below:

  • In the AWS IAM console navigate to Roles
  • Find the LamdaExecutionRole that was created as part of the Operata Cloud Collector deployment
  • Click 'Add inline policy'
  • Use the JSON editor to apply a policy granting access to the S3 bucket that is hosting the Data Privacy Control Document (Example Below)
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::your-s3-bucket/*"
        }
    ]
}

For further information and examples please refer to this AWS guide

  4. Install or update Operata Conductor with the CloudFormation template conductor-deployment-<Your-AWS-Region>.yml, e.g. conductor-deployment-ap-southeast-2.yml

Example Config

#--The following list of fields are mandatory and cannot be blacklisted.
#--Agent
#--Agent.NumberOfHolds
#--Agent.CustomerHoldDuration
#--Agent.Username
#--Agent.LongestHoldDuration
#--Agent.AgentInteractionDuration
#--Agent.AfterContactWorkStartTimestamp
#--Agent.ConnectedToAgentTimestamp
#--Agent.AfterContactWorkDuration
#--Agent.AfterContactWorkEndTimestamp
#--AWSAccountId
#--ConnectedToSystemTimestamp
#--ContactId
#--LastUpdateTimestamp
#--DisconnectTimestamp
#--InitiationTimestamp
#--Queue
#--Queue.Duration
#--Queue.DequeueTimestamp
#--Queue.EnqueueTimestamp

#--The following list of fields are optional.
#--Uncomment fields (# removed) to be blacklisted and not be sent to Operata.

#Agent.RoutingProfile
#Agent.RoutingProfile.ARN
#Agent.RoutingProfile.Name
#Agent.ARN

#AWSContactTraceRecordFormatVersion

#CustomerEndpoint
#CustomerEndpoint.Type
#CustomerEndpoint.Address

#MediaStreams
#MediaStreams.<array-index>
#MediaStreams.<array-index>.Type

#Channel

#SystemEndpoint
#SystemEndpoint.Type
#SystemEndpoint.Address

#Attributes
#Attributes.<key>

#Recordings
#Recordings.<array-index>
#Recordings.<array-index>.MediaStreamType
#Recordings.<array-index>.Status
#Recordings.<array-index>.StorageType
#Recordings.<array-index>.Location

#InitiationMethod
#InstanceARN
#AgentConnectionAttempts

#Recording
#Recording.Status
#Recording.Type
#Recording.Location

#Queue.ARN
#Queue.Name
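
A local preview of what a control file would strip from a record, added here as an example and not Operata's code. It assumes blacklisting removes the field entirely and supports only plain key and array-index path segments (concrete values in place of <key> and <array-index>); the function names and sample data are constructed for illustration.

```python
import copy

# Mandatory CTR paths, copied from the example config on this page.
MANDATORY = set("""Agent Agent.NumberOfHolds Agent.CustomerHoldDuration
Agent.Username Agent.LongestHoldDuration Agent.AgentInteractionDuration
Agent.AfterContactWorkStartTimestamp Agent.ConnectedToAgentTimestamp
Agent.AfterContactWorkDuration Agent.AfterContactWorkEndTimestamp
AWSAccountId ConnectedToSystemTimestamp ContactId LastUpdateTimestamp
DisconnectTimestamp InitiationTimestamp Queue Queue.Duration
Queue.DequeueTimestamp Queue.EnqueueTimestamp""".split())

def parse_control_file(text):
    """Split uncommented paths into (active, rejected); mandatory ones are rejected."""
    paths = [ln.strip() for ln in text.splitlines()]
    paths = [p for p in paths if p and not p.startswith("#")]
    return ([p for p in paths if p not in MANDATORY],
            [p for p in paths if p in MANDATORY])

def _order(path):
    # Numeric segments compare as ints so higher array indexes are removed first.
    return [(0, int(s)) if s.isdigit() else (1, s) for s in path.split(".")]

def redact(record, paths):
    """Return a copy of record without the listed paths (assumed removal semantics)."""
    out = copy.deepcopy(record)
    for path in sorted(paths, key=_order, reverse=True):
        *parents, last = path.split(".")
        node = out
        try:
            for seg in parents:
                node = node[int(seg)] if isinstance(node, list) else node[seg]
            del node[int(last) if isinstance(node, list) else last]
        except (KeyError, IndexError, ValueError, TypeError):
            continue  # path not present in this record, nothing to remove
    return out

# Constructed sample record and control file (hypothetical values, not real data).
SAMPLE_CTR = {
    "ContactId": "00000000-0000-0000-0000-000000000000", "Channel": "VOICE",
    "CustomerEndpoint": {"Type": "TELEPHONE_NUMBER", "Address": "+15555550100"},
    "Attributes": {"accountNumber": "1234", "language": "en"},
    "Recordings": [{"Location": "bucket/a.wav"}, {"Location": "bucket/b.wav"}],
    "Queue": {"Name": "Support", "Duration": 12},
}
SAMPLE_CONTROL = "\n".join(["#--comment", "#Channel", "CustomerEndpoint.Address",
                            "Attributes.accountNumber", "Recordings.0",
                            "Recordings.1", "Queue.Name", "ContactId"])
if __name__ == "__main__":
    print(redact(SAMPLE_CTR, parse_control_file(SAMPLE_CONTROL)[0]))
```

Any path returned in the rejected list is a mandatory field that was uncommented by mistake and should be removed from the control file before it is uploaded.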

Notes

  • If AWS adds new data fields, they will be sent to Operata by default. New field names can be added to this blacklist as required; please contact Operata if this is needed.

  • Further information regarding Operata Conductor installation can be found here https://docs.operata.com/docs/installing-operata-conductor.

If you have issues or questions don't hesitate to contact us.