How are Data Sovereignty, Residency and Privacy Requirements for Hosted Mitel Solutions handled by the IVP?

This article describes how Hosted Mitel Solutions are delivered via the Intelligent Voice Platform, and how this may relate to specific Data Sovereignty, Residency or Privacy Requirements.

Who is responsible for determining a Customer's Data Sovereignty, Residency and Privacy Requirements?

Partners are responsible for determining what Data Sovereignty, Residency or Privacy requirements may apply to their customers and selecting an appropriate IVP Region to deploy the Mitel Solution within that meets their requirements.

Mitel Solutions may be deployed globally within any IVP Region and where there is not a local region within the same country / jurisdiction as the end customer they may choose to deploy it in another nearby region at their discretion.

In situations where a Customer is multi-national, Partners may choose to use a centralized solution to service multiple countries if desired rather than deploying multiple instances in multiple countries unless required for regulatory reasons.

For Example:

Partner A has a customer in New Zealand and wants to deploy a hosted Mitel Solution, however today SecureCo has not yet deployed a local region in New Zealand and the closest region is AU1 in Sydney, Australia.

From an IVP point of view there are no restrictions preventing Partner A from deploying in the AU1 region and servicing the customer from Australia, provided that the partner has determined that there are no specific legislated requirements that apply to the customer and require the service to be hosted within New Zealand Jurisdiction.

What "Customer" data is typically stored within Hosted Mitel Solutions?

Hosted Mitel Solutions typically contain the following "customer" data:

  • Extension / User Details
    • Name (First Name and Last Name)
    • Email Address
    • Associated Phone Numbers and Extensions
    • Call Logs and History
    • Device Information and Credentials (E.g. SIP Username and Password)
    • User Password
    • User PIN
  • Feature Related Data:
    • Speed Dials
    • Call Forwarding
      • Call Forwarding Status (On / Off)
      • Call Forwarding Type (Always, Busy, No Answer)
      • Call Forwarding Destination (Extension or Phone Number)
    •  VoiceMail
      • Recorded Prompts
        • User / Mailbox Name
        • Greeting(s)
      • Received / Stored Messages including:
        • Date / Time of Call
        • Caller ID / Name if Available
    • Auto Attendant / Interactive Voice Response Menus
      • Prompts
      • Menu Structures / Options
    • Collaboration
      • Contacts
      • Instant Messaging History
      • Shared Files
    • Contact Center / ACD Queues
      • Queue Names
      • Queue Members (Users who are Agents in the Queue)
      • Queue Logs / Statistics (May Contain Calling Numbers)

Note: This is not intended to be an exhaustive list but to provide general guidance on the type of data collected and stored within the Mitel Platform.

Where is data associated with a Mitel Solution stored or replicated?

All "Customer" Data contained within a Hosted Mitel Instance is stored locally in the IVP region nominated by the Partner or Customer when they deploy the service and is not replicated or backed up into other regions by SecureCo.

This ensures that all data within the Instance is kept within the same jurisdiction as the IVP region selected by the Partner during deployment to avoid issues.

Note: Where Customers or Partners choose to extract data from or backup the solution and download those backups or store them on third party services, it is up to the Partner / Customer to ensure that any requirements for data sovereignty or data residency are handled appropriately.

For Example: 
A Mitel Hosted Solution is deployed by a partner who selected the IVP Washington DC Region (US1) during setup, which results in all data within the Mitel instance being stored in Washington DC within the United States of America and not replicated to any other locations by the IVP or SecureCo.

Once the solution is configured and in use by their end customer, the partner sets up a scheduled backup that is pushed to an external location outside the IVP, creating a backup copy of the data contained within the system which is regarded as "uncontrolled".

In this situation, the partner is responsible for ensuring the "uncontrolled" backup data is secured appropriately and handled in-line with any applicable sovereignty or data residency requirements.

Does the Redundancy Addon impact where data is stored or replicated?

No - The redundancy Addon will only allow deployment of redundancy within the same IVP region that the Mitel Solution is deployed within and as a product rule does not allow deployment of the redundant elements into a different IVP Region that may be in a different country or jurisdiction.

This ensures that all data within the Mitel Instance is kept within the jurisdiction nominated by the Customer or Partner during deployment of the services.

For Example:

A Mitel Hosted solution deployed in the IVP Australia Region (AU1) has the redundancy addon enabled to provide high availability and resiliency.

Redundancy is provided via additional virtual infrastructure being orchestrated within the IVP AU1 region within an alternate physical datacenter to provide redundancy and basic geodiversity but importantly does not replicate any data outside the AU1 IVP Region, Sydney as a City or outside Australia.

Does using certain IVP Features or Connectors impact where Instance data is stored?

No - Storage of data within the Mitel platform is not impacted by the usage of features or connectors available via the IVP.

However, all data exchanged with third party platforms via Features or Connectors falls outside the scope of the Mitel Solution Hosting and the IVP in general, so partners should ensure that the appropriate Data Sovereignty, Residency and Privacy needs are met based on the third-party provider's terms and conditions.