RSA Adaptive Authentication (On-Premise) ID Masking in the Context of GDPR
In the upcoming release of Adaptive Authentication (On-Premise) version 7.3 P4, RSA will remove the ID Masking parameter from the Administration Console application.
The ID Masking parameter allows customers to choose whether to hash personally identifiable information in the log file before the information is uploaded to RSA Central. From version 7.3 P4, the system will, by default, hash personally identifiable information in the log files before the upload to RSA Central.
In the context of GDPR, the customer is the data controller and as such, is responsible for remediating to comply with its obligation as data controller.
As the data processor, RSA is suggesting what the customer needs to do to mitigate its risks under GDPR. By failing to remediate, the customer assumes the risks of non compliance. The decision whether to comply or not to comply is the customer's and the customer accordingly assumes the risks that follows its decision.
Customers that continue to use previous Adaptive Authentication (On-Premise) versions (that is prior to 7.3 P4) should configure their system to hash personally identifiable information in the log file before the information is uploaded to RSA Central, using the ‘ID Masking’ parameter in the Admin Console.