Who can see data held in the online model?
A user can access the information stored in their own personal areas, as well as anything stored in their shared organisational area. Organisations cannot see information saved in other organisations, except that all users can see the Oxford Economics ‘Releases’ area.
We use Microsoft Azure’s Shared Responsibility model to encrypt data in transit and at rest. Access to the model data files is limited to authorised IT personnel, for the purposes of technical support and integrity testing during feature development. Using the principle of least privilege, conditional access and privileged identity management, some staff can access data in exceptional circumstances. Authorised personnel can see:
• The contents of forecasts and files stored in GMWO
• The model inputs which were used to generate those forecasts
• Any "model details" reports which are generated
• User activity on the site, such as logins
We use the identity and access management provider Okta (formerly Auth0) to maintain confidentiality, availability and integrity during the authentication process. As before, all data is encrypted in transit and at rest. All events are logged and retained for 30 days.