| A | B | C | D | E | F | G | |
|---|---|---|---|---|---|---|---|
1 | FireServiceRota Data Usage and Storage overview |  | |||||
2 | Data attribute | Description / Meaning | Example Value | Purpose/Usage | System containing | Visible to users' colleagues | Privacy / security risk |
3 | Id | Id of the user entity (unique) | 2294336 | Uniquely identify a user and a key to related data records. | Web application | Yes | None |
4 | External Identifiers | The external user ID used to login to a system external to FSR | VRT1000 | Used as a foreign key to exchange data with external HR systems | Web application | No | None |
5 | First Name | First name of user | Jan | Human readable identification of the user | Web application | Yes | Low |
6 | Last Name | Last name of user | De Vries | Human readable identification of the user | Web application | Yes | Low |
7 | Password | A secret code only the user knows. Our company cannot read the value as it is stored in an encrypted format. | 1LoveTheFireService! | Authentication | Web application | No | High, encrypted |
9 | Profile picture | Optimal picture the user can upload himself | :) | Help quick visual identification of who you are communicating with | Web application | Yes | Medium |
10 | Personnel Number | Personnel number of user often a reference to the contract a user has with the employer | 123123 | Set personnel number in user's profile | Web application | Only managers (supervisor and owner) | Medium |
11 | Membership periods | Periods detailing when a person was actively involved in a team, station, cluster or region within the customer's organisation. | 1960-02-08T11:00:00.000Z - 1960-03-08T11:00:00.000Z - | Make the user a member of the right station and facilitate data access rights. | Web application | Yes | Low |
12 | Address | The home or work addresses of the user. | Stationsweg 1 1111 AB AMSTERDAM | Show users on a map around the station | Web application | Yes | Medium |
13 | Rank | Rank a user is employed with | Crew Commander | Payroll export rules Internal station hierarchy information | Web application | Yes | Low |
14 | Skills | Primary skill | Officer in Charge, Driver | Evaluate appliance crewing level and warn for crewing deficiencies | Web application | Yes | Low |
15 | Email addresses | Email address, including the primary that acts as a login to the system | jan@devries.nl | Transactional email *only*, such as login, lost password recovery, service and support, and non-urgent (Prio2) message between users | Web application | Yes | High, secondary emails encrypted. Primary emails todo. |
16 | Phone numbers | Home, work, mobile or 'in case of emergency' phone numbers | 020-1234567 | Shared with colleagues to serve as group phonebook Send priority 1 urgent messages such as backup alerts Caller Id recognition to facilitate booking on/off by calling a phone number | Web application | Yes | High, encrypted |
17 | GPS data | Mobile device configured to share its location in real time. | 41°24'12.2"N 2°10'26.5"E. | Only applicable if user double opted-in. Can be switched off just as easy as it is to switch on. Is auto-deleted after 24 hours. Allow geofencing warnings when user is on-call and too far away. Allow showing user location when responding to an incident. | Web application | No | High, encrypted |
18 | Availability and shifts data | The moments a user is on-call available and/or has a shift. Can include reasons why the person is available (comments) or unavailable (leave, sickness) | 1960-02-08T11:00:00.000Z - 1960-02-08T15:00:00.000Z: available 1960-03-08T11:00:00.000Z - 1960-03-08T15:00:00.000Z: unavailable, comment: work | Evaluate appliance crewing level and warn for crewing deficiencies. Facilitate contractual compliance and payroll integration. | Web application | Yes | Medium |
19 | Attendance to activities | The moments a user is attending activities such as incidents or trainings. | 1960-02-08T11:00:00.000Z - 1960-02-08T15:00:00.000Z: attend incident ABC123 as commander | Facilitate payroll integration, planning of trainings and logging of incident reports. | Web application | Yes | Medium |
20 | Incident notes | Incidents notes provided by command & control centre software should not, but may sometimes contain sensitive information. | The victim is suspected to have condition XYZ | The incident notes inform attending firefighters at the time of the incident, but lose their value shortly after. We therefore remove incident notes from the incident record after 1 hour. | Web application | No | High |
21 | Contracts | A collection of rules that apply to a group of users, indicating working targets, leave allowance and checks/balances. Contracts apply to users for a certain period (can be open-ended) | 1920 hours per year | Facilitate business rules enforcement, contractual compliance reporting | Web application | Only managers (supervisor and owner) | Medium |
22 | Messages | Messages between (groups of) users, or announcements and polls | Are you joining the team BBQ next Sunday? | Facilitate communication internally | Web application | Limited | Medium |
23 | Support requests | User support questions and answers to these questions. May contain name, email and phone number. | How do I reset my password? | Help our users | Zendesk | No | Low |
24 | Database backups | All data stored in the 'Web application' system | 111010111000101010111010101110000 | Fully encrypted file containing a real-time copy of all data we have. Only readable by our company technical employees. | Amazon S3 | No | High, encrypted |
25 | Payroll | A list of coded line items describing the number of occurances and hours of attendance and work. | 1 incident attendance on incident [incident reference] from [start_time] to [end_time] for [user name] having role [role number] coded as [element code] against cost centre [cost centre] on date [date] | Create an overview of payable activities of firefighters. This overview can be sent to payroll systems for further processing. FireServiceRota describes activities but does NOT calculate actual payments. The output provided would generally NOT have a currency sign. | Web application | Only managers (supervisor and owner) | Medium |
26 | IP address | The address of the computer on the internet. | 192.168.2.1 | Only accessible for FSR admins for auditing purposes. Helps detect and analyse suspicious user transactions and login activity. | Web application | No | Medium |
27 | Browser user agent | The type of internet browser accessing the system. | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 | Only accessible for FSR admins for auditing and debugging purposes. | Web application | No | Low |
28 | Mobile and alerting devices | The smartphone apps and/or smart pagers connected to a user | iOS primary alerting app version ABC Swissphone pager with serial number DEF | Sending/receiving messages Debugging and auditing | Web application | No | Low |
29 | |||||||
30 | |||||||
31 | |||||||
32 | |||||||
33 | |||||||
34 | |||||||
35 | |||||||
36 | |||||||
37 | |||||||
38 | |||||||
39 | |||||||
40 | |||||||