Protecting the Privacy of Recorded Users (Anonymization)

In order to protect the privacy of recorded users, ITM On-Prem (ObserveIT) enables all personal information that could identify users to be "anonymized". When "Anonymization" is enabled, personal user information is hidden in the ITM On-Prem Web Console unless specifically requested and approved to be exposed.

Web Console users who have permissions to access the ITM On-Prem (ObserveIT) configuration (Admin role users) must provide a new password in order to enable anonymization, configure it, and expose users as a result of an exposure request. These "Privacy Officers" must enter this password at the start of each Web Console session in order to access the user privacy pages. For details, see Defining an Anonymization Password.

How Anonymization is reflected in the ITM On-Prem Web Console

When Anonymization is enabled, personal information that identifies the user is replaced with randomly generated codes (for details, see How Anonymization is Implemented in ObserveIT.

In the User Risk Dashboard, risky users' personal photos, full names, departments, roles, and login account details are anonymized. For example:

 

In the Management Console, session data that represents recorded user activity or alerts is anonymized. This is reflected in the Server and User Diaries, Alerts page, and the Latest Sessions list (to the left of the Console showing the most recently active sessions).

Note the following:

• The Session Player displays metadata only; no screenshots are displayed. The text Only MetaData as session is anonymized is displayed. For Unix sessions, the text No output as session is anonymized is displayed.

• Alert screenshots are not displayed in Gallery and Slideshow modes.

• When saving a session for exporting to HTML, screenshots will not be exported.

• The functionality of some features is restricted. For example, when using the ITM On-Prem (ObserveIT) Search feature, to prevent searching for a user name or email and thus identifying the user, search by Window title and Key Logging is not allowed (for details, see Types of Data You Can Search For).

Some features are not accessible. A message is displayed if you try to access the following pages:

• DBA Activity

• Saving Sessions to view them offline

• Audit Sessions

• Audit Saved Sessions

• Archive (Diary and Search)

• Reports

Excluding specifically requested users from anonymization

The Privacy Officer can exclude specifically requested users from having their personal identifiable information anonymized by:

• Defining users or AD groups whose personal details should not be anonymized. See Excluding Users From Being Anonymized.

• Allowing specific Web Console users to view all user personal data in the clear. See Permitting Users to Bypass Anonymization.

Exposing personal user information after anonymization

The Privacy Officer can expose the personal details of risky users whose personal details were previously anonymized.

Only users for whom a specific request was made and approved can have their personal details exposed.

Users' personal details (photo, full name, department, role, and login account) can be exposed and also the names of any computers and accounts that were accessed by a user during a session.

After a user is "de-anonymized":

• The user's personal details will be displayed in the User Risk Dashboard.

• In the Management Console, all session data for the user representing recorded user activity and alerts will be viewable in the Latest Sessions, Server and User Diaries, and Alerts pages.

The following topics in this section describe how to:

• Configure anonymization

• Expose personal information for specific users

• Manage requests for user exposure