< All Topics
Print

Anonymisation of Selected Users PII Data

Teamwork Analytics collects and stores user data from Microsoft Graph API and surfaces the data in reports.

This includes four pieces of personally identifiable information (PII) per user:

PIIExamples
Given nameJohn
SurnameSmith
Email addressJohn.Smith@example.com
User principal namejohn.smith@example.onmicrosoft.com
[As shown in reports]John Smith (John.Smith@example.com)

In order to assist our customers adhering to data protection and privacy regulations, such as GDPR, Teamwork Analytics supports anonymisation of this data via a deterministic obfuscation algorithm.

Once anonymised it will look like this in the database and reports.

PIIExamples (Anonymised)
Given namegbo9mS
SurnamegGdp12U
Email addressAa0lWbT5ibo9mS@example.com
User principal nameAa0lWbz5ibo9ma@example.onmicrosoft.com
[As shown in reports]Anon (Aa0lWbT5ibo9mS@example.com)

In some situations user data is related from one Microsoft source to another using User Principal Name as the “key”. For example TWA relates users’ daily Teams usage statistics to their department, city and country data using User Principal Name.

Because User Principal Names contain PII, TWA replaces them with an irreversible hash (SHA256 algorithm). This removes PII whilst still allowing for the data to be related. This is rule is applied to all users in any situation where User Principal Name is used as a key, regardless of configuration.

The Email Address also contains PII, so TWA stores an additional irreversible hash (SHA256 algorithm) of this column which is used to relate to other data. Such as the Hashed Creator Email of DriveItems.

OriginalReplacement
john.smith@example.onmicrosoft.com932132B62E416813A1947914DB8BB807DFB9C671701DB6D08E8AEB966B67B3F4

The data is anonymised as it is received from Microsoft’s API before any further processing and storage. The obfuscation is reversible upon request but requires Modality support, if required please contact software.support@nasstar.com.

How Anonymisation Works

This feature is configured by simply insert rows to the table named configuration.UserObfuscationCriteria using Microsoft SQL Server Management Studio

PropertyNameValue
CountryGermany
CountryDeutschland
CountryFrance
CountryUK

This table instructs Teamwork Analytics to anonymise a group of users based on having Active Directory attributes,

e.g. anonymise all users who have Country set to Germany (both case-insensitive).

The property names and values are case-insensitive, they must match the values returned by Microsoft Graph API (practically speaking, they must match real values stored in your Active Directory). E.g. you must specify “CompanyName”, not “Company Name”.

You can make use of Custom User Attributes, provided they are configured correctly.

Example from Graph API:

{ ... "city": "Norwich", "companyName": "Example", "country": "United Kingdom", "department": "Development (UK)", "displayName": "John Smith", "givenName": "John", "jobTitle": "Software Engineer", "mail": "John.Smith@example.com", "mailNickname": "John.Smith", "officeLocation": "Norwich", "postalCode": "ABC 123", "preferredDataLocation": null, "preferredLanguage": null, "state": "Norfolk", "surname": "Smith", "usageLocation": "GB", ... }

How to configure Anonymisation (CAT)

Users are anonymised according to configurable rules stored in the Teamwork Analytics Database. For SaaS customers please contact software.support@nasstar.com for Nassar / Modality to configure this feature for you.

  1. Open SQL Management Studio and Connect to the Teamwork Analytics Database
  2. Run the following – Replace the AD Property and AD value
INSERT INTO [configuration].[UserObfuscationCriteria]       ([PropertyName]       ,[Value])    VALUES       ('[AD PROPERTY HERE]'       ,'[AD PROPERTY OBFUSCATION VALUE HERE]') GO

e.g. for triggering on the country is Germany, run the following

INSERT INTO [configuration].[UserObfuscationCriteria]       ([PropertyName]       ,[Value])    VALUES       ('Country'       ,'Germany') GO
  1. There is no need to restart any service, it will start from the next main scan of user data (see Power BI logging report for scan times)

Moving a user out back out of anonymisation

Once TWA has anonymised a user based on the rules above, it keeps a record of the user’s User Principal Name (stored as a hash), even if they later change AD attribute to something different. This is to ensure that the user continues to be anonymised even if the data is updated (for example if their Country is changed to another location).

If you wish to exclude a user from further anonymisation, you must locate them in the table named dbo.Users, copy their EID, then find and remove the same value from the dbo.ObfuscatedUsers table.

Table of Contents