User Guide 28/1553-AXB 901 33/7 Uen A

Privacy User Guide
Ericsson Service-Aware Policy Controller

1 Privacy User Guide Introduction

This document contains guidelines for securely managing the personal information processed in the SAPC.

Ericsson is committed to protecting the collected personal information. Read this Privacy User Guide carefully.

The Privacy User Guide describes the privacy operation and maintenance activities that can be performed for the SAPC. The Privacy User Guide contains:

  • An overview of all the privacy-related functionality supported by the product.

  • Instructions/procedures for operating the privacy functionality of the product.

  • Instructions and information on how to maintain the privacy status of the product, that is, instructions for the privacy configuration of the product in the daily O&M activities.

  • The default values (factory settings) of the privacy parameters.

  • Listing and classification of the personal data processed by the product.

1.1 Target Group

The target group for this information is personnel who work with the SAPC product. All personnel who work with engineering, installation, test, and operation and maintenance of the SAPC product must be familiar with this information.

1.2 Notice

The SAPC processes personal information, which may have an impact on the right to privacy of the data subjects (for example, subscribers) whose data is processed. A detailed summary of the processed data items is given in Listing and Classification of the Personal Data Processed by the Product.

When operating the SAPC as a data controller, ensure that personal information processing is performed in a fair and lawful manner, and in accordance with the local data protection regulation in force. This can be achieved by notifying subscribers of the operator's privacy policies, for example at the moment of establishing the subscription.

It is also advised to provide comprehensive and understandable information to subscribers before, or at the time of collecting the personal information.

1.3 Consent

As described in the summary of the personal data in Table 2, the SAPC may also process sensitive personal data, such as location, in addition to basic personal data. The local data protection regulation where you are operating the SAPC may require obtaining subscriber consent to process this kind of personal information. Such consent should be obtained in order to:

  • Collect and maintain personal data of the subscriber, with the aim of holding this information securely.

  • Fulfill the purpose of installing, upgrading, and administering the SAPC.

  • Disclose the personal information to third parties.

1.4 Choices and Personal Data Retention

The SAPC offers features that allow correcting, updating, and accessing personal data, and requesting deletion of unnecessary personal data.

Inform subscribers about the possibility to change or access their personal data contained in the SAPC.

The SAPC enables management of personal data life cycle to ensure that:

  • Personal data is accurate.

  • The processing of personal data corresponds with the information given to users and their consents.

  • Unnecessary, excessive, or outdated personal data is deleted or anonymized.

When personal information is no longer required for the purpose stated earlier, follow an official procedure to dispose of this information.

2 Privacy Functionality Contained in the SAPC and Intended Purpose

Personal information can be found in policies and subscriber data provisioned by the customer / operator and in logs issued by the product. The personal information included in policies is used by the SAPC to determine which policies are applicable to a certain subscriber. The SAPC evaluates policies and makes decisions to be enforced by surrounding nodes. These decisions are tailored on a subscriber basis, and for this reason, the personal data of the subscriber is used for subscriber identification.

The following data may be stored in the SAPC database:

  • subscriberIdentity:

  • operatorSpecificInfoSubscriber

    • value: this field may contain any information the operator decides. This comprises any personal data (that is, Mobile Device Serial Number, Location Info).

  • smsDestinationsSubscriber

    • sms: SMS destination number to send the subscriber notification.

The following tags, which may contain personal data belonging to a subscriber, can be used in policies:

  • AccessData.subscriber.imsi

  • AccessData.subscriber.msisdn

  • AccessData.subscriber.ueIpAddress

  • AccessData.subscriber.ueIpv6Prefix

  • AccessData.subscriber.ueIpAddressType

  • AccessData.subscriber.locationInfo.cellIdentity

  • AccessData.subscriber.locationInfo.locationAreaCode

  • AccessData.subscriber.locationInfo.networkCode

  • AccessData.subscriber.locationInfo.routingAreaCode

  • AccessData.subscriber.locationInfo.routingAreaIdentity

  • AccessData.subscriber.locationInfo.serviceAreaCode

  • AccessData.userEquipmentInfo.serialNr

  • AccessData.userEquipmentInfo.version

  • AccessData.subscriber.id

The following logs may contain personal data belonging to a subscriber:

Table 1   Logs Containing Personal Data

Event Log Name                              Personal Information
------------------------------------------  --------------------------------------------------------
Autoprovisioned subscriber                  Subscriber Id
End User Notification discarded             Subscriber Id, SMS destination number, Notification Text
Existing IP Session removed                 IP Address
Reset of accumulated usage data             Subscriber Id
Usage Limit Surpassed                       Subscriber Id
Unabled to deliver End User Notification    Subscriber Id, Notification text

The personal data contained in the logs cannot be selectively deleted. Logs can only be deleted / removed as a whole, which clears all the information they contain; it is not possible to remove the information of a specific user from the logs.

If the logs are moved outside the SAPC (that is, to an external repository owned by the operator), the SAPC loses control over the contents of the logs and their security. It is therefore the responsibility of the operator to maintain the privacy and security of the personal data contained in them.
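
One way an operator could reduce exposure in exported logs, as an added example that is not part of the Ericsson guide: a Python sketch that pseudonymizes the personal fields listed in Table 1 before log lines are written to an external repository. The key="value" line layout, the field names (subscriberId, smsDestination, notificationText, ipAddress, limit) and the key are assumptions constructed for illustration; the SAPC's real log format is not described on this page.

```python
import hashlib
import hmac
import re

# Personal fields per event, from Table 1. Field names are hypothetical.
PERSONAL_FIELDS = {
    "Autoprovisioned subscriber": {"subscriberId"},
    "End User Notification discarded": {"subscriberId", "smsDestination", "notificationText"},
    "Existing IP Session removed": {"ipAddress"},
    "Reset of accumulated usage data": {"subscriberId"},
    "Usage Limit Surpassed": {"subscriberId"},
    "Unabled to deliver End User Notification": {"subscriberId", "notificationText"},
}
FREE_TEXT = {"notificationText"}   # free text is dropped, not hashed
FIELD_RE = re.compile(r'(\w+)="([^"]*)"')
DEMO_KEY = b"constructed-demo-key"  # real key: secret store, never beside the logs

# Constructed sample lines in an assumed key="value" layout.
SAMPLE_LOG = [
    '2024-05-01T10:00:00Z event="Usage Limit Surpassed" '
    'subscriberId="240991234567890" limit="5GB"',
    '2024-05-01T10:00:05Z event="Existing IP Session removed" ipAddress="10.20.30.40"',
    '2024-05-01T10:00:09Z event="End User Notification discarded" '
    'subscriberId="240991234567890" smsDestination="+46700000000" '
    'notificationText="Quota reached"',
]

def pseudonym(key: bytes, value: str) -> str:
    """Keyed HMAC-SHA256 so equal identifiers still correlate across lines."""
    digest = hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()
    return "pseud:" + digest[:16]

def scrub_line(key: bytes, line: str) -> str:
    fields = dict(FIELD_RE.findall(line))
    event = fields.get("event", "")
    # Fail closed: an event missing from Table 1 has every field treated as personal.
    personal = PERSONAL_FIELDS.get(event, set(fields) - {"event"})
    def replace(match):
        name, value = match.group(1), match.group(2)
        if name not in personal:
            return match.group(0)
        if name in FREE_TEXT:
            return f'{name}="[REDACTED]"'
        return f'{name}="{pseudonym(key, value)}"'
    return FIELD_RE.sub(replace, line)

if __name__ == "__main__":
    for sample in SAMPLE_LOG:
        print(scrub_line(DEMO_KEY, sample))
```

Because IMSI and MSISDN values come from a small, guessable space, anyone holding the key can recompute the mapping, so the key has to be stored and access-controlled separately from the external log repository.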

2.1 Instructions for Operating the Privacy Functionality

The configuration of the functionality related to Location Information and Subscriber Identity can be found in the following configuration guides:

2.2 Procedures for Maintaining the Privacy Configuration

The configuration of authentication and authorization mechanisms in the SAPC is described in the following documents:

These documents describe the framework provided by the SAPC to define the access rights to the personal information stored in the SAPC.

2.4 Listing and Classification of the Personal Data Processed by the Product

The private information (personal data) handled by the SAPC is described in the following table. A cross (X) in the ‘Collected’ column indicates that the SAPC holds / manages the personal data named in that row:

Table 2   Personal Data

Personal Data Category                       Type of the Data                                  Collected (Check Box)
-------------------------------------------  ------------------------------------------------  ---------------------
Basic data                                   IP Address of Trace Collection Entity             X
                                             IMEI Serial Number                                X
                                             IMEI-SV Serial Version Number                     X
                                             International Mobile Subscriber Identity (IMSI)   X
                                             Mobile Subscriber ISDN Number (MSISDN)            X
                                             Mobile Number                                     X
                                             User ID                                           X
                                             NAI                                               X
                                             Email address                                     X
Sensitive data (identifiable user activity)  Location: LAC / Cell ID                           X
                                             Location Other: RAC                               X
                                             Location Other: RAI                               X
                                             Location Other: SAC                               X
                                             Subscribed Services: TV/Media Channels

3 Reference List