Does HIA register the IP address of the device that is used to visit HIA?

[JLijftogt]

As PO of HIA I want to know whether our system (dashboard) registers & saves the IP address of the device that a PA uses to access the web-app So that I know how to follow-up and be data & digital responsible

Does Azure process any of the data in the dashboard?

[elwinschmitz]

In our code we've configured Application-Insights as defined here: https://github.com/rodekruis/helpful-information/blob/main/src/app/services/logging.service.ts#L26-L35

And it is not explicitly clear there (apart from not using cookies)..

But in the ApplicationInsights dashboard(s) all I can see is the IP-address 0.0.0.0 (So it is clearly anonymized).

---

https://docs.microsoft.com/en-us/azure/azure-monitor/app/data-retention-privacy#the-classes-of-collected-data

This page explains how data/what data is retained/stored. Below that table is a note:

Client IP is used to infer geographic location, but by default IP data is no longer stored and all zeroes are written to the associated field.

Thats why we can't see the specific IP-addresses.

[JLijftogt]

@elwinschmitz

Many thanks! Few follow-up questions to understand the process around the IP-addresses a bit better:

• Does that mean we're storing geographic data in the form of a location? No right?
• Where in the process (and in what tool) are the IP addresses translated to anonymous 0.0.0.0?
• Related to that: can anyone (e.g. a back-end developer from 510 or Azure) get access to these "personal" IP addresses somewhere?
• How do this relate to the fact that we can see # unique visits and the # total visits in the dashboard?

If better, we can schedule a 30 minute call to discuss this (with Melanie as well)

[elwinschmitz]

• Does that mean we're storing geographic data in the form of a location? No right?

Well, in ApplicationInsights we can find a "City" for each visit/event. This is what is meant by that last note. This data can be very specific, but can also be very wrong/inaccurate. It depends on how your (mobile-/VPN) internet-provider handles your IP-address. (Sometimes, while at home in Delft I seem to come from Amsterdam, but that is because my provider reroutes my internet through their servers there or something.)

• Where in the process (and in what tool) are the IP addresses translated to anonymous 0.0.0.0?

Somewhere at the 'entrance-point' of ApplicationInsights. (Not within our control)

• Related to that: can anyone (e.g. a back-end developer from 510 or Azure) get access to these "personal" IP addresses somewhere?

Technically, some Azure/Microsoft-employee maybe. But the data is not available to any Azure-user.

• How do this relate to the fact that we can see # unique visits and the # total visits in the dashboard?

ApplicationInsights generates an anonymized, unique userId at this 'entry-point' (based on multiple properties, including IP). That userId is used in the charts/reports.