DevPortalPagoPA




Table of contents

Sensitive information

Services and messages that include particular categories of personal data and/or personal data related to criminal convictions and crimes must respect the provisions of the privacy regulation and are regulated by paragraph 7.3 of the IO guidelines.
The data in question is indicated in articles 9 and 10 GDPR, i.e.:
  • information that reveals the racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership;
  • generic data, biometric data means to univocally identify a physical person, data related to the heath or the sex life or sexual orientation of the person;
  • personal data related to criminal convictions or crimes or connected safety measures.
Therefore remember:
  • do not use sensitive information in the title of the message and make sure to minimize it in the body of the message;
  • use the models provided for the services.

Report a sensitive service:

If you intend to include sensitive data in your services and messages that they will send:
  • Via API, mark the service as "privacy-critical" (“require_secure_channel”: true);
  • Via Developer Portal or Reserved Area, mark the service as "Sensitive service" when you create the service tab. You will find this check among the detailed data of the service.

Haven't completed onboarding yet and need help?

Write an email describing your problem or question to the address areariservata@assistenza.pagopa.it.

Need help with APIs and Integration?

Write an email describing your problem or question to the address:

io-service-management@pagopa.it

Tell us what you think

To report problems or give feedback, leave a comment in the GitHub space of the IO app