Auto-Owners is auditing and documenting data protection/privacy provided by third-party vendor products. My area has been asked whether Infogix could gain access to information from Auto-Owners data stores being processed by solutions built using Infogix Data360 DQ+. I'm reasonably confident that such access is not possible, especially since we run the Enterprise (on-premise) version of the product. However, one scenario did occur to me that I wanted to ask about specifically. We sometimes share log files generated by DQ+ with Infogix product support in the process of resolving a support ticket. These can be large and might not be in a readable format. Could any DQ+ log file contain data from external or internal data stores, causing an Auto-Owners employee to inadvertently share this data with Infogix? For example, could a DQ+ log file contain a message that included the contents of a record being processed at the time of an exception: "Exception xyz occured while processing data source record with contents: customer name = Rob McCurley, address = 123 Main Street, social security number = ..."? I concede that Infogix can't make assurances about log files produced by Cloudera/HortonWorks or other third-party vendors, so this particular scenario applies only to log files generated by DQ+ or components shipped with it.
In summary, could Auto-Owners proprietary data appear in a log file produced by Infogix DQ+? Are there other scenarios I haven't asked about here by which and Enterprise/on-premise DQ+ implementation could pose data privacy risks to companies like Auto-Owners?
Please sign in to leave a comment.