Data Privacy for Diagnostics (DPfD)

Enterprises are required to prevent customer personal or other sensitive information from being exposed to those who have no need to see such data. During data processing, various types of system and application errors can require an installation to send diagnostic data to program vendors for analysis and problem resolution. Diagnostic data typically takes the form of SVC memory dumps, stand-alone memory dumps (SADMP), LOGREC data, traces, system and application logs, and so on. Of these, memory dumps are the most likely to contain sensitive data along with the required system and/or application data.

Data Privacy for Diagnostics provides facilities for tagging sensitive data and producing redacted memory dumps that do not contain the tagged sensitive data. The original memory dump should be retained for the entire period that problem analysis is being conducted. The redacted memory dump would be made available to the appropriate program vendors.

To enable data tagging by applications, the storage management interfaces of z/OS provide a set of services for independent software vendor (ISV) applications and operating system components to use. For more information about tagging storage, see Tagging 64-bit memory objects for data privacy in the z/OS® MVS™ Programming: Assembler Services Guide. When data has been tagged, a set of services available by using interactive problem control system (IPCS) parts can be used to post-process the memory dumps taken on z15 or later processors.

The following functions are provided by the Data Privacy for Diagnostics Analyzer:
  • You can redact any data that is tagged as sensitive=yes in SVC or stand-alone memory dumps captured on a z15 or later processor by using the sample job SYS1.SAMPLIB(BLSJDPFD).
  • You can obtain a report about the pages that were marked as sensitive in a redacted memory dump by using SYS1.SBLSCLI0(BLSXREDR), providing an input memory dump data set name and, optionally, a filtering ASID.

The Data Privacy for Diagnostics Analyzer provides the facilities to scan and identify data within memory dumps that may be sensitive personal information (SPI). Because of the complexity of guidelines, requirements, and SPI data identification, the Analyzer requires installations to tailor its privacy controls for whatever unique distinctions are necessary to filter out SPI from diagnostic data. Over-redaction is possible, which can negatively impact problem diagnosis. Conversely, most system areas are tagged as not having sensitive data, so it is possible for some SPI to escape redaction. At the core of the Analyzer is an application that runs by using batch jobs. Those jobs may be tailored through an IPCS dialog, or manually managed by the installation. The details for setup and execution within the IPCS framework are found in z/OS MVS IPCS Customization, z/OS MVS IPCS Commands, and the z/OS MVS IPCS User's Guide.