Guides
Go To Operata
Start typing to search…

Configuration file - Data Privacy Controls

Controlling CTR data sent to Operata

Controlling CTR Data sent to Operata

Contact Trace Records (CTR) collected by the Operata Conductor Lambda Function can contain sensitive data or personally identifiable information (PII). In some circumstances, it may be required to redact certain data before it is sent to Operata.

This is achieved in two ways:

  1. A content redaction configuration managed via our API, which supports either whitelisting or blacklisting data (recommended approach).

  2. A content-control configuration file hosted in the customer environment (i.e. S3), which only supports blacklisting data (now deprecated)

This guide covers using the content control configuration file

Configuration file

S3 Bucket Policy & Attachment to Lambda Execution Role

This is a blacklist content-control configuration file hosted in your environment via S3. The URL of this file needs to be included as a parameter when you are installing or updating Conductor via CloudFormation.

Installation

  1. Download the example_Control_CTR_Content.txt document

  2. Make the necessary redactions by uncommenting the fields. NB: Each field that needs to be redacted must be defined as a dot notation path. More information on this can be found here: https://github.com/tidwall/gjson#path-syntax

  3. Rename & host this file in an S3 bucket with appropriate bucket policy to allow only the Operata Lambda Function to access.

❗️

Important Step

You must ensure the Operata Cloud Collector Lambda Execution Function is updated to allow the S3 GetObject for your newly created bucket. Example policy is below:

  • In the AWS IAM console navigate to Roles
  • Find the LambdaExecutionRole that was created as part of the Operata Cloud Collector deployment
  • Click 'Add inline policy'
  • Use the JSON editor to apply a policy granting access to the S3 bucket that is hosting the Data Privacy Control Document (Example Below)
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::your-s3-bucket/*"
        }
    ]
}

For further information and examples please refer to this AWS guide

  1. Install or update Operata Conductor with cloud formation template conductor-deployment-<Your-AWS-Region>.yml e.g. conductor-deployment-ap-southeast-2.yml

Example Config

#--The following list of fields are mandatory and cannot be blacklisted.
#--Agent
#--Agent.NumberOfHolds
#--Agent.CustomerHoldDuration
#--Agent.Username
#--Agent.LongestHoldDuration
#--Agent.AgentInteractionDuration
#--Agent.AfterContactWorkStartTimestamp
#--Agent.ConnectedToAgentTimestamp
#--Agent.AfterContactWorkDuration
#--Agent.AfterContactWorkEndTimestamp
#--AWSAccountId
#--ConnectedToSystemTimestamp
#--ContactId
#--LastUpdateTimestamp
#--DisconnectTimestamp
#--InitiationTimestamp
#--Queue
#--Queue.Duration
#--Queue.DequeueTimestamp
#--Queue.EnqueueTimestamp

#--The following list of fields are optional.
#--Uncomment fields (# removed) to be blacklisted and not sent to Operata.

#Agent.RoutingProfile
#Agent.RoutingProfile.ARN
#Agent.RoutingProfile.Name
#Agent.ARN

#AWSContactTraceRecordFormatVersion

#CustomerEndpoint
#CustomerEndpoint.Type
#CustomerEndpoint.Address

#MediaStreams
#MediaStreams.<array-index>
#MediaStreams.<array-index>.Type

#Channel

#SystemEndpoint
#SystemEndpoint.Type
#SystemEndpoint.Address

#Attributes
#Attributes.<key>

#Recordings
#Recordings.<array-index>
#Recordings.<array-index>.MediaStreamType
#Recordings.<array-index>.Status
#Recordings.<array-index>.StorageType
#Recordings.<array-index>.Location

#InitiationMethod
#InstanceARN
#AgentConnectionAttempts

#Recording
#Recording.Status
#Recording.Type
#Recording.Location

#Queue.ARN
#Queue.Name

Full documentation for Contact Trace Records data model can be found here.

Notes

  • If AWS adds data fields then they will be sent to Operata by default. New field names can be added to this blacklist as required - please contact Operata if this is needed.

  • Further information regarding Operata Conductor installation can be found here https://docs.operata.com/docs/installing-operata-conductor.

If you have issues or questions don't hesitate to contact us.

Updated 6 months ago