SARA data domains: Difference between revisions
Jump to navigation
Jump to search
Stefanseiler (talk | contribs) |
Stefanseiler (talk | contribs) No edit summary |
||
| (3 intermediate revisions by the same user not shown) | |||
| Line 2: | Line 2: | ||
{| class="wikitable" | {| class="wikitable" | ||
|+ | |+ | ||
!O=Owner, P=Processor, | !O=Owner, P=Processor, C=Consumer | ||
! colspan="4" |Ownership & Storage | ! colspan="4" |Ownership & Storage | ||
! rowspan="2" |Sensitivity | ! rowspan="2" |Sensitivity | ||
| Line 35: | Line 35: | ||
|Travel Group information | |Travel Group information | ||
| style="text-align:center; background-color:#FFCCCB" |O | | style="text-align:center; background-color:#FFCCCB" |O | ||
| style="text-align:center; background-color:#96F97B" | | | style="text-align:center; background-color:#96F97B" |C | ||
| style="text-align:center; background-color:#96F97B" | | | style="text-align:center; background-color:#96F97B" |C | ||
| style="text-align:center; background-color:#96F97B" | | | style="text-align:center; background-color:#96F97B" |C | ||
|normal | |normal | ||
| | | | ||
| Line 45: | Line 45: | ||
| style="text-align:center; background-color:#FFCCCB" |O | | style="text-align:center; background-color:#FFCCCB" |O | ||
| style="text-align:center; background-color:#ADD8E6" |P | | style="text-align:center; background-color:#ADD8E6" |P | ||
| style="text-align:center; background-color:#96F97B" | | | style="text-align:center; background-color:#96F97B" |C | ||
| style="text-align:left; color:#FF0000" |high | | style="text-align:left; color:#FF0000" |high | ||
|May contain sensitive information | |May contain sensitive information | ||
| Line 53: | Line 53: | ||
| style="text-align:center; background-color:#FFCCCB" |O | | style="text-align:center; background-color:#FFCCCB" |O | ||
| style="text-align:center; background-color:#ADD8E6" |P | | style="text-align:center; background-color:#ADD8E6" |P | ||
| style="text-align:center; background-color:#96F97B" | | | style="text-align:center; background-color:#96F97B" |C | ||
| style="text-align:left; color:#FF0000; font-weight: bold" |very high | | style="text-align:left; color:#FF0000; font-weight: bold" |very high | ||
|Contains also information on medical decision process | |Contains also information on medical decision process | ||
| Line 61: | Line 61: | ||
| style="text-align:center; background-color:#FFCCCB" |O | | style="text-align:center; background-color:#FFCCCB" |O | ||
| style="text-align:center; background-color:#ADD8E6" |P | | style="text-align:center; background-color:#ADD8E6" |P | ||
| style="text-align:center; background-color:#96F97B" | | | style="text-align:center; background-color:#96F97B" |C | ||
|normal | |normal | ||
|Shared ownership, based on transport contract | |Shared ownership, based on transport contract | ||
|- | |- | ||
|[[TASR - Request management data|Request management data]] | |[[TASR - Request management data|Request management data]] | ||
| style="text-align:center; background-color:#96F97B" | | | style="text-align:center; background-color:#96F97B" |C | ||
| style="text-align:center; background-color:#96F97B" | | | style="text-align:center; background-color:#96F97B" |C | ||
| style="text-align:center; background-color:#FFCCCB" |O | | style="text-align:center; background-color:#FFCCCB" |O | ||
| style="text-align:center; background-color:#ADD8E6" |P | | style="text-align:center; background-color:#ADD8E6" |P | ||
| Line 94: | Line 94: | ||
=== Data processing roles === | === Data processing roles === | ||
{| class="wikitable" | {| class="wikitable" | ||
!Owner | ! | ||
!Access | |||
!Storage | |||
|- | |||
! style="text-align:left;" |Owner | |||
|Has permanent (physical and logical access to the information) | |Has permanent (physical and logical access to the information) | ||
|permanent (database) | |||
|- | |- | ||
!Processor | ! style="text-align:left;" |Processor | ||
|Gets access to this information and keeps it for regulatory and legal litigation purposes | |Gets access to this information and keeps it for regulatory and legal litigation purposes. | ||
|Data is persisted in permanent storage facility (database), but will actively be anonymized or deleted after the regulatory period has passed. | |||
|- | |- | ||
! | ! style="text-align:left;" |Consumer | ||
| | |Gets temporary access to this information, but only as long as the party requires it. | ||
|'''Data will only be stored in temporary cache files and will be refetched, if cache expires prematurely (depending on strictness of cache-settings)''' | |||
|} | |} | ||
Latest revision as of 07:02, 26 June 2025
A travel assistance service requests holds these data domains, which are each handled differently due to the ownership and sensitivity of contained information:
| O=Owner, P=Processor, C=Consumer | Ownership & Storage | Sensitivity | Details | |||
|---|---|---|---|---|---|---|
| Agent | PAX | OC | Del.P. | |||
| Unstructured Communication | ||||||
| PAX with OC | O | P | high | May contain sensitive information | ||
| Agent with OC | O | P | high | Agent is acting on behalf of the PAX! May contain sensitive information | ||
| Case structured data | ||||||
| Travel Group information | O | C | C | C | normal | |
| Personal information | P | O | P | C | high | May contain sensitive information |
| Medical information | P | O | P | C | very high | Contains also information on medical decision process |
| Journey Information | P | O | P | C | normal | Shared ownership, based on transport contract |
| Request management data | C | C | O | P | normal | This holds the case decision process and associated meta-information |
| Delivery information | ||||||
| Delivery requests & instructions | O | P | high | May contain sensitive information | ||
| Delivery status information | O | P | normal | LH ownership, due to service contract | ||
Data processing roles
| Access | Storage | |
|---|---|---|
| Owner | Has permanent (physical and logical access to the information) | permanent (database) |
| Processor | Gets access to this information and keeps it for regulatory and legal litigation purposes. | Data is persisted in permanent storage facility (database), but will actively be anonymized or deleted after the regulatory period has passed. |
| Consumer | Gets temporary access to this information, but only as long as the party requires it. | Data will only be stored in temporary cache files and will be refetched, if cache expires prematurely (depending on strictness of cache-settings) |