RE: How to Modify Message and add more Attachments
I have clients that process personal data and they even need to have 'special' processing agreements with companies like wetransfer and outlook.com. I had to sign also such agreement and prepare a vm for hot/cold data encryption for processing personal data. If someone leaves a voice mail message, he does not expect that this is going to be send to a third party. I think this expectation causes the gdpr 'by default' highest privacy/security of personal data protection to be applicable. Lots of companies are being fined currently for breaching gdpr, small, large, international even nation governmental organisations. Better check this.
-----Original Message----- Subject: RE: How to Modify Message and add more Attachments
Can you elaborate on the concern?
-----Original Message----- From: Marc Roos M.Roos@f1-outsourcing.eu Sent: Tuesday, October 6, 2020 4:17 PM To: dovecot dovecot@dovecot.org; Mrinal Sharma msharma@smithmicro.com Subject: RE: How to Modify Message and add more Attachments
CAUTION - EXTERNAL EMAIL This email originated from outside of Smith Micro Software. Do not click links or open attachments unless you recognize the sender and know the content is safe.
If are processing Europeans voice mail you have to check if that is even allowed, could be a problem with GDPR legislation.
-----Original Message----- Subject: RE: How to Modify Message and add more Attachments
Thanks, am planning to use Google's Speech-to-Text.
-----Original Message----- Sent: Tuesday, October 6, 2020 3:39 PM To: dovecot dovecot@dovecot.org; Mrinal Sharma msharma@smithmicro.com Subject: RE: How to Modify Message and add more Attachments
CAUTION - EXTERNAL EMAIL This email originated from outside of Smith Micro Software. Do not click links or open attachments unless you recognize the sender and know the content is safe.
Hmmm, that does not sound nice storing files as email. Maybe use document database? Look at this[1], see if it is possible to use the rados plugin to store files directly as objects?
What are you using for speech to text?
[1] https://github.com/ceph-dovecot/dovecot-ceph-plugin
-----Original Message----- To: dovecot@dovecot.org Subject: How to Modify Message and add more Attachments
Hello Everyone,
I am working on a product in which we are planning to store voice messages in Dovecot sent by a user to another user. The message would be stored as an email with .wav attachment. Once the Voice message is received, it may get Transcribed. The message can be further be processed and more information can be added to the message later. The original plan was to Modify the email and add New information as attachments to same message.
As I understood, messages stored in Dovecot are immutable. What is the best option to achieve this functionality?
Thanks,
Mrinal
Thats because in your example the data is sent outside the facility to a third party (in this case, wetransfer/outlook) And wetransfer/outlook is operated in third countries, which can cause GDPR problems as the legal protection for the data disappears.
The OP were asking about a solution which modifies email which have already been received in a local, secure facility to add the voice mail to locally stored messages. Thats not prohibited. Imagine if the OP has a SIP server and email server inside the same physical machine. Do you really think it would be prohibited to move a file from "asterisk/vm" to "var/spool/mail/"? The security for the data is the same regardless of which format is used.
-----Ursprungligt meddelande----- Från: dovecot-bounces@dovecot.org dovecot-bounces@dovecot.org För Marc Roos Skickat: den 6 oktober 2020 23:23 Till: dovecot dovecot@dovecot.org; msharma msharma@smithmicro.com Ämne: RE: How to Modify Message and add more Attachments
I have clients that process personal data and they even need to have 'special' processing agreements with companies like wetransfer and outlook.com. I had to sign also such agreement and prepare a vm for hot/cold data encryption for processing personal data. If someone leaves a voice mail message, he does not expect that this is going to be send to a third party. I think this expectation causes the gdpr 'by default' highest privacy/security of personal data protection to be applicable. Lots of companies are being fined currently for breaching gdpr, small, large, international even nation governmental organisations. Better check this.
-----Original Message----- Subject: RE: How to Modify Message and add more Attachments
Can you elaborate on the concern?
-----Original Message----- From: Marc Roos M.Roos@f1-outsourcing.eu Sent: Tuesday, October 6, 2020 4:17 PM To: dovecot dovecot@dovecot.org; Mrinal Sharma msharma@smithmicro.com Subject: RE: How to Modify Message and add more Attachments
CAUTION - EXTERNAL EMAIL This email originated from outside of Smith Micro Software. Do not click links or open attachments unless you recognize the sender and know the content is safe.
If are processing Europeans voice mail you have to check if that is even allowed, could be a problem with GDPR legislation.
-----Original Message----- Subject: RE: How to Modify Message and add more Attachments
Thanks, am planning to use Google's Speech-to-Text.
-----Original Message----- Sent: Tuesday, October 6, 2020 3:39 PM To: dovecot dovecot@dovecot.org; Mrinal Sharma msharma@smithmicro.com Subject: RE: How to Modify Message and add more Attachments
CAUTION - EXTERNAL EMAIL This email originated from outside of Smith Micro Software. Do not click links or open attachments unless you recognize the sender and know the content is safe.
Hmmm, that does not sound nice storing files as email. Maybe use document database? Look at this[1], see if it is possible to use the rados plugin to store files directly as objects?
What are you using for speech to text?
[1] https://github.com/ceph-dovecot/dovecot-ceph-plugin
-----Original Message----- To: dovecot@dovecot.org Subject: How to Modify Message and add more Attachments
Hello Everyone,
I am working on a product in which we are planning to store voice messages in Dovecot sent by a user to another user. The message would be stored as an email with .wav attachment. Once the Voice message is received, it may get Transcribed. The message can be further be processed and more information can be added to the message later. The original plan was to Modify the email and add New information as attachments to same message.
As I understood, messages stored in Dovecot are immutable. What is the best option to achieve this functionality?
Thanks,
Mrinal
Thats because in your example the data is sent outside the facility to
a third party (in this case, wetransfer/outlook) And wetransfer/outlook is operated in third countries, which can cause GDPR problems as the legal protection for the data disappears.
That is just a part. We had to sign such agreement between companies in the same country, city even. Data is not even leaving the country. Putting personal data at a third party requires a processing agreement.
The OP were asking about a solution which modifies email which have already been received in a local, secure facility to add the voice mail to locally stored messages. Thats not prohibited.
That has not been questioned, sending that data to google is being questioned.
Imagine if the OP has a SIP server and email server inside the same physical machine. Do you really think it would be prohibited to move a file from "asterisk/vm" to "var/spool/mail/"?
No because it belongs to the expected necessary processing activities of a voip provider. This voip provider cannot just send these files to facebook that is easy to understand. So you can not send these files to google as well. Does not matter if they have some fancy AD processing api.
The security for the data is the same regardless of which format is used.
Obviously
Agree completely. Sending data to third party requires a processing agreement yes. Its even enough that a third party has administrative access to the server (and thus potentially have access to data) - then a processing agreement is required.
When the data leaves EU, then its prohibited in many cases as you can't fine a company in for example iran for have disclosed details to a fourth party, thus disclosing to a third-party outside EU is prohibited even with a data processing agreement.
You are also correct that they can't send these files to facebook or Google.
What I wanted to point out, is that when people hear the word "email" they think a large can of GDPR worms is opened, but as long as email is done right, with restricted access and encrypted transfer and for sensitive things - a restriction so email can only be internally sent, all external domains blocked/prohibited, you can even use email to send super sensitive details.
-----Ursprungligt meddelande----- Från: dovecot-bounces@dovecot.org dovecot-bounces@dovecot.org För Marc Roos Skickat: den 6 oktober 2020 23:42 Till: dovecot dovecot@dovecot.org; sebastian sebastian@sebbe.eu Ämne: RE: SV: How to Modify Message and add more Attachments
Thats because in your example the data is sent outside the facility to a
third party (in this case, wetransfer/outlook) And wetransfer/outlook is operated in third countries, which can cause GDPR problems as the legal protection for the data disappears.
That is just a part. We had to sign such agreement between companies in the same country, city even. Data is not even leaving the country. Putting personal data at a third party requires a processing agreement.
The OP were asking about a solution which modifies email which have already been received in a local, secure facility to add the voice mail to locally stored messages. Thats not prohibited.
That has not been questioned, sending that data to google is being questioned.
Imagine if the OP has a SIP server and email server inside the same physical machine. Do you really think it would be prohibited to move a file from "asterisk/vm" to "var/spool/mail/"?
No because it belongs to the expected necessary processing activities of a voip provider. This voip provider cannot just send these files to facebook that is easy to understand. So you can not send these files to google as well. Does not matter if they have some fancy AD processing api.
The security for the data is the same regardless of which format is used.
Obviously
participants (2)
-
Marc Roos
-
Sebastian Nielsen