Password protection for agents in new Insight

zweiler

Dear all,

I want to point out the information, that there is no possibility at the moment to password protect agents in the new Insight. The function is available in the Classic Insight, but not in the new Insight.

By keeping in mind the new GDPR law starting mid of May every report with personalized data needs to be sent password protected, it´s a pitty, that this function isn´t available yet in the new Insight. For example, if you want to trigger an automatically export of Form Submission Data to the client or event the consumer service to react accordingly within any contact us form, this won´t be GDPR compliant. So we are either not GDPR compliant, which mean big penalties can be expected or we need to export the data manually each day/week (depending on the request), protect it manually with a password and share it with the client or consumer service here.

I´m sure, that a lot of other instances have the same use cases by sending personalized data on a regular basis to their clients.

I have been informed, that there is already an Enhancement Request, that this password protection functionality will be integrated in any future release. I hope we don´t need to wait until the Classic Insight will be switched off in September and can have this function already enabled latest beginning of May to be prepared for the new law and to ensure Eloqua Insight is GDPR compliant here.

Kind regards,

Sonja

Jan-Pieter Feikens

This is actually one of the reasons why I haven't moved some reports from Classic Insights to the new Insights..

Jan-Pieter Feikens

Tagging  @JazmineDuke-Oracle, as she is Product Manager for Insight. Hopefully she can share some info on this.

User_RKVIQ

Eloqua allows only authenticated users to setup report Agents (aka subscriptions) within Insight. It is important to note that only logged in Eloqua users have access to setup the functionality in question.

Additional GDPR resources are available in the Oracle Marketing Cloud whitepaper and in a new Data Privacy / Security section of the Help Center documentation.

Please note, any and all information Oracle provides on GDPR is not legal advice nor should it be considered instructions on defining your own security policy.

Lisa Black

Director, Product Management

User_RKVIQ

This is actually one of the reasons why I haven't moved some reports from Classic Insights to the new Insights..

Eloqua allows only authenticated users to setup report Agents (aka subscriptions) within Insight. It is important to note that only logged in Eloqua users have access to setup the functionality in question.

Additional GDPR resources are available in the Oracle Marketing Cloud whitepaper and in a new Data Privacy / Security section of the Help Center documentation.

Please note, any and all information Oracle provides on GDPR is not legal advice nor should it be considered instructions on defining your own security policy.

Lisa Black

Director, Product Management

Jan-Pieter Feikens

Eloqua allows only authenticated users to setup report Agents (aka subscriptions) within Insight. It is important to note that only logged in Eloqua users have access to setup the functionality in question.

Additional GDPR resources are available in the Oracle Marketing Cloud whitepaper and in a new Data Privacy / Security section of the Help Center documentation.

Please note, any and all information Oracle provides on GDPR is not legal advice nor should it be considered instructions on defining your own security policy.

Lisa Black

Director, Product Management

With the above screenshot, I am able to add email addresses to the receivers of a certain report. Those people will receive a report that is not secured in their inbox that potentially can contain customer data.

Within the old classic insights, you are able to make the file password protected and thus secure the files going over the internet. This is a method a lot of our customers actually prefer and are waiting with the transition of reports from Insights Classic to the new Insights..

User_RKVIQ

With the above screenshot, I am able to add email addresses to the receivers of a certain report. Those people will receive a report that is not secured in their inbox that potentially can contain customer data.

Within the old classic insights, you are able to make the file password protected and thus secure the files going over the internet. This is a method a lot of our customers actually prefer and are waiting with the transition of reports from Insights Classic to the new Insights..

As mentioned, Eloqua allows only authenticated users to setup report Agents (aka subscriptions) within Insight. It is important to note that only logged in Eloqua users have access to setup the functionality in question.

Eloqua sends emails via secure mechanism, currently using TLS 1.2.

Aaron Coquet

As mentioned, Eloqua allows only authenticated users to setup report Agents (aka subscriptions) within Insight. It is important to note that only logged in Eloqua users have access to setup the functionality in question.

Eloqua sends emails via secure mechanism, currently using TLS 1.2.

While sending email via secure mechanism is a good thing, the concern that @zweiler, @Jan-Pieter Feikens, and others (including myself and my company, via support tickets) are expressing is not "The email could be intercepted" (which TLS guards against). The concern is also not "Someone could go in to Eloqua Insight and email records to them self" (Which Insight's authentication guards against).

The concern is that, per privacy policies and as alluded to in GDPR Article 32 Section 1(a), personal data needs to be encrypted. It is generally understood that this encryption needs to be "always on" - in other words, accessing the data requires authentication / decryption each time, rather than just once. This means that any attachment to an email, which contains personal data, must be encrypted after the transmission has taken place. TLS transmission is good, but does not address the GDPR requirement. We need password protection of attachments!

Hans-Georg Gruber

@LisaBlack-Oracle I agree with @Jan-Pieter Feikens and @Aaron Coquet

Having a Feature in Eloqua that sends out reports is critical.

Due to the GDPR these emails have to be encrypted. Or more precisely:  the personal data in the attachment has to be encrypted.

This also means that Eloqua notification Emails are not GDPR conform anymore as long as they are not encrypted, as they include personal information.

When will Eloqua provide the feature for encrytion?

gibbo42

Can this be opened for voting again? Having more & more issues with Classic Insight; but can't migrate to new Insight due to this (lack of) feature

Astrid80335

I also like to request this point to re-open for voteing.

I opened a new Dream it - with a reference to this one here.

Please see and vote for:

User_F5GOB

If you use weak passwords (or the same one everywhere), you are only making it easier for someone to compromise all your accounts. Start using one of our top-rated password managers to help create a unique and strong password for every website. You can try this site https://www.1tool.online