In recent years legislation such as the California Consumer Privacy Act (CCPA) and the European General Data Protection Regulation (GDPR) have highlighted the need to keep personal data – that is, information that can be traced back to an individual – under a high degree of control.
IP Office can under certain conditions process and save personal data. Some examples are:
Responsibility to keep such data protected is ultimately the responsibility of the ‘Data Controller’. For IP Office the Data Controller typically would be the company using the system. that is, the customer or their agent. Under CCPA this is referred to as a ‘Business’.
Avaya IP Office, when used as part of a solution to process and save personal data on behalf of the customer is termed the ‘Data Processor’. Under CCPA this is referred to as a ‘Service Provider’. Note that IP Office will form only part of the Data Processor aspects, usually combined with other automated or manual processes.
IP Office cannot be individually certified to adhere to a specific data privacy requirement, but can be configured and operated by the Data Processor to achieve compliance with various data privacy regimes such as GDPR and CCPA.
The IP Office Platform adheres to the following set data privacy principles:
Architectured and designed with data privacy in mind
No personal data captured by default
Controls over what personal data can be captured, and how long it is retained.
Notifications to individuals before personal data is captured, along with a record of acceptance.
All personal data secure both at rest and in transit
Personal data remains local to the servers; IP Office Cloud storage remains within the geographic region.
Access to all personal data controlled via the IP Office Authentication and Authorization framework
Personal data can be exported, modified or deleted in response to data privacy requests.
Access to personal data logged. These logs may be viewed by the customer to provide an audit trail of personal data access.
A Product Privacy Statement for IP Office can be found at: https://downloads.avaya.com/css/P8/documents/101049410.
Securing the IP Office Platform Solution contains information for securing the IP Office solution and must be followed from both a security and Data Privacy perspective. In addition, the following documents must be read prior to solution deployment:
Avaya IP Office Product Privacy Statement
Avaya Workplace Product Privacy Statement
Avaya Collaboration Product Privacy Statement
Avaya Contact Center Select Product Privacy Statement
Avaya Call Reporting For IP Office Product Privacy Statement
It is useful when reviewing these documents to understand the following terms. These definitions are broad in scope and may vary according to the data privacy regulations in force in a particular country/region.
Category |
Description |
Personal Data |
Means any information relating to an identified or identifiable natural person. This could include personal phone numbers, information recorded during calls, email addresses, location data, home address. |
Data Subject |
An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name |
Data Controller |
The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data. An example could be the customer operating the IP Office system. |
Data Processor |
A natural or legal person, public authority, agency or other body which Processes Personal Data on behalf of the Controller. The IP Office system could form part of data processing. |
