7 Security Shield Data Privacy

Data privacy is on the top of Oracle's design, development, and operations whenever Personal Information data is involved to make sure our product is compliant with various data privacy regulations, including General Data Protection Regulation (GDPR). Oracle does not collect, store, or process sensitive information. In Oracle Communications Security Shield Cloud Service (Security Shield) Cloud components, we make sure that logging includes no PII data. For the data sent to external partners for verification, we make sure that all Security Shield partners comply with data privacy regulations. For the data sent to Oracle data analytics service, all data fields identified as PII are marked properly. Oracle either removes or anonymizes such personal information data fields after a certain usage period (30 days).

The specific data includes phone number, IP address, and device type identifier that may appear in call records, logs, and other artifacts from Security Shield on-premises components (Session Border Controller and Cloud Communication Service) are handled according to our customer's security policies. Any data process procedures are compliant with data privacy regulations applicable to the customer's jurisdiction. See Appropriate Security Required by Data Privacy Regulation.

For more information, customers with a My Oracle Support (MOS) contract or who are under a Non-disclosure Agreement can refer to the Product-Service Feature Guide (PSFG ) located in MOS under #114.2 (navigate to CGBU).

Personal Data Used by Security Shield

The Oracle Communications Security Shield Cloud Service (Security Shield) uses only the metadata from call signaling, such as the phone numbers. Security Shield uses both the calling number and the called number to assess the risk of a phone call and the phone number. The call signaling may include device identifiers, for example, IP addresses, device ID, and device fingerprints. When these identifies are available, Security Shield stores them as part of the call data for a call. Security Shield does not record calls.

Security Shield does not have access to store, correlate, or map restricted or sensitive personal data such as:
  • End-user contact information
  • Employment details HR performance details, and job qualifications
  • Health and healthcare information
  • Family information, lifestyle, and social circumstances
  • Administrative, audit, accounting, and financial information
  • Financial transaction data
  • Tracking information
  • Photographs and testimonials
  • Call recording
  • Education, qualification, curriculum vitae, resumes, and results from background checks