I have clients that process personal data and they even need to have 'special' processing agreements with companies like wetransfer and outlook.com. I had to sign also such agreement and prepare a vm for hot/cold data encryption for processing personal data. If someone leaves a voice mail message, he does not expect that this is going to be send to a third party. I think this expectation causes the gdpr 'by default' highest privacy/security of personal data protection to be applicable. Lots of companies are being fined currently for breaching gdpr, small, large, international even nation governmental organisations. Better check this. -----Original Message----- Subject: RE: How to Modify Message and add more Attachments Can you elaborate on the concern? -----Original Message----- From: Marc Roos <M.Roos at f1-outsourcing.eu> Sent: Tuesday, October 6, 2020 4:17 PM To: dovecot <dovecot at dovecot.org>; Mrinal Sharma <msharma at smithmicro.com> Subject: RE: How to Modify Message and add more Attachments CAUTION - EXTERNAL EMAIL This email originated from outside of Smith Micro Software. Do not click links or open attachments unless you recognize the sender and know the content is safe. If are processing Europeans voice mail you have to check if that is even allowed, could be a problem with GDPR legislation. -----Original Message----- Subject: RE: How to Modify Message and add more Attachments Thanks, am planning to use Google's Speech-to-Text. -----Original Message----- Sent: Tuesday, October 6, 2020 3:39 PM To: dovecot <dovecot at dovecot.org>; Mrinal Sharma <msharma at smithmicro.com> Subject: RE: How to Modify Message and add more Attachments CAUTION - EXTERNAL EMAIL This email originated from outside of Smith Micro Software. Do not click links or open attachments unless you recognize the sender and know the content is safe. Hmmm, that does not sound nice storing files as email. Maybe use document database? Look at this[1], see if it is possible to use the rados plugin to store files directly as objects? What are you using for speech to text? [1] https://github.com/ceph-dovecot/dovecot-ceph-plugin -----Original Message----- To: dovecot at dovecot.org Subject: How to Modify Message and add more Attachments Hello Everyone, I am working on a product in which we are planning to store voice messages in Dovecot sent by a user to another user. The message would be stored as an email with .wav attachment. Once the Voice message is received, it may get Transcribed. The message can be further be processed and more information can be added to the message later. The original plan was to Modify the email and add New information as attachments to same message. As I understood, messages stored in Dovecot are immutable. What is the best option to achieve this functionality? Thanks, Mrinal
Sebastian Nielsen
2020-Oct-06 21:28 UTC
SV: How to Modify Message and add more Attachments
Thats because in your example the data is sent outside the facility to a third party (in this case, wetransfer/outlook) And wetransfer/outlook is operated in third countries, which can cause GDPR problems as the legal protection for the data disappears. The OP were asking about a solution which modifies email which have already been received in a local, secure facility to add the voice mail to locally stored messages. Thats not prohibited. Imagine if the OP has a SIP server and email server inside the same physical machine. Do you really think it would be prohibited to move a file from "asterisk/vm" to "var/spool/mail/"? The security for the data is the same regardless of which format is used. -----Ursprungligt meddelande----- Fr?n: dovecot-bounces at dovecot.org <dovecot-bounces at dovecot.org> F?r Marc Roos Skickat: den 6 oktober 2020 23:23 Till: dovecot <dovecot at dovecot.org>; msharma <msharma at smithmicro.com> ?mne: RE: How to Modify Message and add more Attachments I have clients that process personal data and they even need to have 'special' processing agreements with companies like wetransfer and outlook.com. I had to sign also such agreement and prepare a vm for hot/cold data encryption for processing personal data. If someone leaves a voice mail message, he does not expect that this is going to be send to a third party. I think this expectation causes the gdpr 'by default' highest privacy/security of personal data protection to be applicable. Lots of companies are being fined currently for breaching gdpr, small, large, international even nation governmental organisations. Better check this. -----Original Message----- Subject: RE: How to Modify Message and add more Attachments Can you elaborate on the concern? -----Original Message----- From: Marc Roos <M.Roos at f1-outsourcing.eu> Sent: Tuesday, October 6, 2020 4:17 PM To: dovecot <dovecot at dovecot.org>; Mrinal Sharma <msharma at smithmicro.com> Subject: RE: How to Modify Message and add more Attachments CAUTION - EXTERNAL EMAIL This email originated from outside of Smith Micro Software. Do not click links or open attachments unless you recognize the sender and know the content is safe. If are processing Europeans voice mail you have to check if that is even allowed, could be a problem with GDPR legislation. -----Original Message----- Subject: RE: How to Modify Message and add more Attachments Thanks, am planning to use Google's Speech-to-Text. -----Original Message----- Sent: Tuesday, October 6, 2020 3:39 PM To: dovecot <dovecot at dovecot.org>; Mrinal Sharma <msharma at smithmicro.com> Subject: RE: How to Modify Message and add more Attachments CAUTION - EXTERNAL EMAIL This email originated from outside of Smith Micro Software. Do not click links or open attachments unless you recognize the sender and know the content is safe. Hmmm, that does not sound nice storing files as email. Maybe use document database? Look at this[1], see if it is possible to use the rados plugin to store files directly as objects? What are you using for speech to text? [1] https://github.com/ceph-dovecot/dovecot-ceph-plugin -----Original Message----- To: dovecot at dovecot.org Subject: How to Modify Message and add more Attachments Hello Everyone, I am working on a product in which we are planning to store voice messages in Dovecot sent by a user to another user. The message would be stored as an email with .wav attachment. Once the Voice message is received, it may get Transcribed. The message can be further be processed and more information can be added to the message later. The original plan was to Modify the email and add New information as attachments to same message. As I understood, messages stored in Dovecot are immutable. What is the best option to achieve this functionality? Thanks, Mrinal -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 5715 bytes Desc: S/MIME Cryptographic Signature URL: <https://dovecot.org/pipermail/dovecot/attachments/20201006/8689f65d/attachment.p7s>
>>Thats because in your example the data is sent outside the facility to a third party (in this case, wetransfer/outlook) And wetransfer/outlook is operated in third countries, which can cause GDPR problems as the legal protection for the data disappears. > That is just a part. We had to sign such agreement between companies in the same country, city even. Data is not even leaving the country. Putting personal data at a third party requires a processing agreement. >The OP were asking about a solution which modifies email which have already been received in a local, secure facility to add the voice mail to locally stored messages. >Thats not prohibited. That has not been questioned, sending that data to google is being questioned. >Imagine if the OP has a SIP server and email server inside the same physical machine. Do you really think it would be prohibited to move a file from "asterisk/vm" to "var/spool/mail/"? No because it belongs to the expected necessary processing activities of a voip provider. This voip provider cannot just send these files to facebook that is easy to understand. So you can not send these files to google as well. Does not matter if they have some fancy AD processing api. >The security for the data is the same regardless of which format is used. Obviously