GDPR & Privacy

Data Protection and Compliance

Our WebEx Log Viewer Tool is designed with strict adherence to data protection regulations, including the General Data Protection Regulation (GDPR) and Cisco's internal privacy policies. Given that the tool processes log files containing potentially sensitive information, the following measures ensure compliance and safeguard user data: Key GDPR Principles Addressed

  1. Lawfulness, Fairness, and Transparency
    • Users are informed about the purpose of log data processing (troubleshooting and system improvement) via clear documentation.
    • No personal data is collected beyond what is necessary for log analysis.
  2. Purpose Limitation
    • Log data is processed solely for diagnosing technical issues and improving WebEx call performance. It is not repurposed for unrelated activities.
  3. Data Minimization
    • The tool only processes log entries relevant to technical diagnostics (e.g., error codes, timestamps, hardware metrics).
    • Sensitive user information (e.g., names, IP addresses) is anonymized or excluded where possible.
  4. Storage Limitation
    • Log files are stored temporarily during active analysis and are not retained beyond the session unless explicitly saved by the user.
    • Cisco's existing data retention policies govern long-term storage of logs on their internal servers.
  5. Integrity and Confidentiality
    • All data is processed on-premises within Cisco's secure infrastructure, ensuring no external transfers or exposure to third-party systems.
    • Encryption is applied to log files during transmission and storage.
  6. Accountability
    • Access to log data is restricted to authorized Cisco engineers.
    • Audit logs track tool usage to monitor compliance.

Privacy Safeguards

1. Data Handling

  • No Cloud Processing: The tool operates entirely within Cisco's internal network, ensuring no data leaves the organization's control.
  • Local Storage: User-configured filters and preferences are stored in the browser's localStorage (client-side), avoiding server-side retention.
  • AI and Anonymization: The AI agent processes log data without extracting or storing personally identifiable information (PI). Queries to external models (e.g., OpenAI) are sanitized to exclude sensitive context.

2. User Rights

  • Right to Access/Delete: Engineers can delete uploaded log files or clear filter histories at any time.
  • Opt-Out: The AI analysis feature can be disabled if users prefer manual log inspection.

3. Future Enhancements

To further align with privacy-by-design principles, the following could be implemented:

  • Automated PII Redaction: Scrub identifiable data (e.g., email addresses) from logs before processing.
  • Granular Access Controls: Role-based permissions to restrict log access by team or seniority.
  • User Consent Workflow: Explicit prompts for uploading logs containing sensitive data.

Conclusion

The tool prioritizes privacy by design, ensuring compliance with GDPR and Cisco's security standards. By minimizing data exposure, enforcing on-premises processing, and providing user controls, it balances functionality with robust data protection.