Implementing Campaign Manager - System Management

data output audit

To support GDPR requirements in regards to the auditing of data export and investigation into data breaches, Alterian have introduced a Data Output Audit Log to capture relevant information when data outputs from Campaign Manager occur.

There are many ways that data can be exported from Campaign Manager, some of which are more traceable than others, so the approach has been to analyze each method and capture as much information as possible to assist with data breach investigations.

The export activity is added to a table in the SQL ALMain database called AL.GDPRLog and the table below shows the logging created. This will not initially be exposed within the system logs, so would need to be viewed outside the application.

IMPORTANT 

Note:S

Data Files - This process does not capture the actual data file that is exported. The legislation above states that there may be a requirement to contact individuals whose data has been breached so consideration should be given to the following:

  • Output from Email Tactics - Email Manager GDPR development will allow the gathering of individuals contact by specific outputs and potential data breaches from Email Manager contacts should be investigated within that application logging.
  • Campaign Manager and Campaign Outputs - If Campaign History is being used this could be used to gather this contact info, otherwise copies of the output files would need to be taken.

Users and Logons - As part of this process it is important to understand the difference between Users and Logons. Documents within the application are owned by the User. A document such as a campaign or a scheduled segment, will execute in the background, so the document Owner (User) owns the campaign processing. Marketers and Analysts log into the application as a logon, but everything they do is still done in the background under the ownership of the User. All processing is performed by the User (document owner). GDPR logging focuses on the User so that it can reliably track output activity regardless of the application being open by a Logon or not. It should therefore be noted that the LogonID, will not be captured for campaign activity as it is the User that performs the operation. With the introduction of GDPR and the requirement to track exports, the only 100% consistent tracking method for campaigns is to have a 1 to 1 relationship between Users and Logons to ensure the User is always tracked regardless of logon state. Failing to do this could introduce uncertainty because the logging must be accurate for situations of running campaigns manually and as scheduled background tasks when no Logon is in use.

 

The list below defines the data that will be be captured on export. Where this data does not exists in the log, it has not been available. for example when exporting from a Segment Document, a CampaignName is not available as the export is not part of a campaign, or were an Export to Excel has occurred from a document that is not saved, a Document name will not be available. as it has no name.

  • Export Date/Time
  • Client Id
  • Client Name
  • User ID
  • User name
  • Login ID
  • IP Address
  • Document Name
  • Document ID
  • Campaign ID
  • Tactic Name
  • Tactic Output Name
  • Data Source Name
  • Resolution Table Name
  • Columns Exported
  • Output Count
  • File Name
  • FTP Site ID
  • FTP Name
  • FTP Folder Location
  • External Agent ID
  • External Agent Name
  • Kettle Script Name
  • UNC Folder Path
  • Document Folder ID
  • Document Folder Name

Example query to retrieve the log for a single campaign:

select * from AL.GDPRLog where Documentid = 720
     
© Alterian. All Rights Reserved. | Privacy Policy | Legal Notice