Information security
IBM® is committed to providing our clients and partners with innovative data privacy, security, and governance solutions.
Clients are responsible for ensuring their own compliance with various laws and regulations, including the European Union General Data Protection Regulation. Clients are solely responsible for obtaining advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulations that might affect the clients’ business and any actions the clients might need to take to comply with such laws and regulations.
The products, services, and other capabilities described herein are not suitable for all client situations and might have restricted availability. IBM does not provide legal, accounting or auditing advice or represent or warrant that its services or products will ensure that clients are in compliance with any law or regulation.
If you need to request GDPR support for IBM Cloud® Watson resources that are created
- In the European Union (EU), see Requesting support for IBM Cloud Watson resources created in the European Union.
- Outside of the EU, see Requesting support for resources outside the European Union.
European Union General Data Protection Regulation (GDPR)
IBM is committed to providing our clients and partners with innovative data privacy, security and governance solutions to assist them on their journey to GDPR compliance.
Learn more about IBM's own GDPR readiness journey and our GDPR capabilities and offerings to support your compliance journey here.
Health Insurance Portability and Accountability Act (HIPAA)
IBM Cloud
US Health Insurance Portability and Accountability Act (HIPAA) support is available for Premium plans that are hosted in the Washington, DC, (us-east) and Dallas (us-south) locations. For more information, see Enabling HIPAA support for your account.
Do not include personal health information (PHI) in data that is to be added to custom models. Specifically, be sure to remove any PHI from data that you use for custom language models or custom acoustic models.
Labeling and deleting data in the Speech to Text service
The IBM Watson® Speech to Text service enables you to delete all data that is associated with recognition requests, custom language models, and custom acoustic models. To delete data, you must do the following:
- Use the X-Watson-Metadata header to associate a customer ID with data that is passed by a request to the service; see Specifying a customer ID.
- Use the DELETE /v1/user_data method to delete all data that is associated with a specified customer ID; see Deleting data.
By default, no customer ID is associated with data.
Experimental and beta features are not intended for use with a production environment and therefore are not guaranteed to function as expected when labeling and deleting data. Experimental and beta features should not be used when implementing a solution that requires the labeling and deletion of data.
Specifying a customer ID
To associate a customer ID with data, include the X-Watson-Metadata header with the request that passes the information. You pass the string customer_id={id} as the argument of the header.
A customer ID can include any characters except for the ; (semicolon) and = (equals sign). Specify a random or generic string for the customer ID; do not specify a personally identifiable string, such as an email address or Twitter ID. You can specify different customer IDs with different requests. A customer ID that you specify is associated with the instance of the service whose credentials are used with the request; only credentials for that instance of the service can delete data associated with the ID.
Supported methods
You can use the X-Watson-Metadata header with the following methods:
- With WebSocket requests:
  /v1/recognize
  You specify the customer ID with the x-watson-metadata query parameter of the request to open the connection. You must URL-encode the argument to the query parameter, for example, customer_id%3dmy_customer_ID. The customer ID is associated with all data that is passed with recognition requests sent over the connection.
- With synchronous HTTP requests:
  POST /v1/recognize
  The customer ID is associated with the data that is sent with the individual request.
- With asynchronous HTTP requests:
  POST /v1/register_callback
  POST /v1/recognitions
  The customer ID is associated with the allowlisted callback URL or with the data that is sent with the individual recognition request.
- With requests to add corpora, custom words, or grammars to custom language models:
  POST /v1/customizations/{customization_id}/corpora/{corpus_name}
  POST /v1/customizations/{customization_id}/words
  PUT /v1/customizations/{customization_id}/words/{word_name}
  POST /v1/customizations/{customization_id}/grammars/{grammar_name}
  The customer ID is associated with the corpora, custom words, or grammars that are added or updated by the request.
- With requests to add audio resources to custom acoustic models:
  POST /v1/acoustic_customizations/{customization_id}/audio/{audio_name}
  The customer ID is associated with the audio resource that is added or updated by the request.
Specify a customer ID example
The following example associates the customer ID my_customer_ID with the data passed with a POST /v1/recognize request:
IBM Cloud
curl -X POST -u "apikey:{apikey}" \
--header "X-Watson-Metadata: customer_id=my_customer_ID" \
--header "Content-Type: audio/wav" \
--data-binary @audio.wav \
"{url}/v1/recognize"
IBM Cloud Pak for Data
curl -X POST \
--header "Authorization: Bearer {token}" \
--header "X-Watson-Metadata: customer_id=my_customer_ID" \
--header "Content-Type: audio/wav" \
--data-binary @audio.wav \
"{url}/v1/recognize"
Deleting customer data
To delete all data that is associated with a customer ID, use the DELETE /v1/user_data method. You pass the string customer_id={id} as a query parameter with the request.
The /v1/user_data method deletes all data that is associated with the specified customer ID, regardless of the method by which the information was added. The method has no effect if no data is associated with the customer ID.
You must issue the request with credentials for the same instance of the service that was used to associate the customer ID with the data.
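The customer ID rules and the three places the ID is passed (header, URL-encoded WebSocket query parameter, and DELETE query parameter) can be handled in one client-side helper. This is an added example, not IBM code; the function names, the `cust-` prefix, the `example.test` host, and the control-character and `@` checks are assumptions of the example, not service rules.

```python
import secrets
from urllib.parse import quote, urlencode

FORBIDDEN = {";", "="}  # the two characters the service documentation excludes


def new_customer_id(prefix="cust"):
    """Random, non-identifying ID (128 bits from the OS CSPRNG)."""
    return f"{prefix}-{secrets.token_hex(16)}"


def validate_customer_id(customer_id):
    """Return the ID unchanged, or raise ValueError."""
    if not customer_id:
        raise ValueError("customer ID is empty")
    if FORBIDDEN & set(customer_id):
        raise ValueError("customer ID contains ';' or '='")
    # Local hardening (assumption, not a documented service rule):
    # control characters could split the HTTP header line.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in customer_id):
        raise ValueError("customer ID contains a control character")
    # Local policy (assumption): '@' suggests an email address or handle.
    if "@" in customer_id:
        raise ValueError("customer ID looks personally identifiable")
    return customer_id


def metadata_header(customer_id):
    """Header for HTTP requests such as POST /v1/recognize."""
    return {"X-Watson-Metadata": f"customer_id={validate_customer_id(customer_id)}"}


def websocket_url(base_url, customer_id):
    """WebSocket /v1/recognize URL; the whole argument is URL-encoded."""
    arg = quote(f"customer_id={validate_customer_id(customer_id)}", safe="")
    return f"{base_url}/v1/recognize?x-watson-metadata={arg}"


def delete_url(base_url, customer_id):
    """URL for DELETE /v1/user_data with the same customer ID."""
    query = urlencode({"customer_id": validate_customer_id(customer_id)})
    return f"{base_url}/v1/user_data?{query}"


if __name__ == "__main__":
    cid = new_customer_id()
    base = "https://stt.example.test"  # constructed placeholder for {url}
    print(metadata_header(cid))
    print(websocket_url("wss://stt.example.test", cid))
    print(delete_url(base, cid))
```

Store the generated ID alongside your own record of the data subject so that a later deletion request can be mapped back to the ID that was used when the data was sent.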
Delete customer data example
The following example deletes all data for the customer ID my_customer_ID:
IBM Cloud
curl -X DELETE -u "apikey:{apikey}" \
"{url}/v1/user_data?customer_id=my_customer_ID"
IBM Cloud Pak for Data
curl -X DELETE \
--header "Authorization: Bearer {token}" \
"{url}/v1/user_data?customer_id=my_customer_ID"
Deletion of all data for a Speech to Text service instance
IBM Cloud
If you delete an instance of the Speech to Text service from the IBM Cloud console, all data associated with that service instance is automatically deleted. This includes all custom language models, corpora, grammars, and words; all custom acoustic models and audio resources; all registered endpoints for the asynchronous HTTP interface; and all data related to speech recognition requests.
This data is purged automatically and regardless of whether a customer ID is associated with the data. Once you delete a service instance, you can no longer restore any of the deleted data.