‎PII Masking and Data Protection | Sprinklr Help Center

PII Masking and Data Protection

Updated

5 days ago

Personally Identifiable Information (PII) Masking in Sprinklr refers to the process of identifying and securing sensitive personal information with the platform to ensure compliance with data privacy regulations (like GDPR, CCPA) and protect user data from unauthorized access.

It involves hiding or obfuscating personal data such as names, email addresses, phone numbers, credit card details, or any information that can identify an individual. It helps to safeguard user privacy, and reduce the risk of data breaches or misuse.

Also, Whenever PII is masked, a marker is displayed on the recording timeline at the corresponding message timestamp in the case analytics view.

Enablement Note: To learn more about getting this capability enabled in your environment, please work with your Success Manager.

Permissions

To use this functionality, you need to have the ability to view, create, edit, and delete under Masking Configuration. You may efficiently develop, manage, and mask templates in accordance with the requirements thanks to these permissions.

The following table describes the definitions of the permissions listed.

Permissions	Definition
View	The View permission determines whether a user or role can access and view unmasked sensitive data classified as PII. The View permission is a user or role-based control.
Create	The Create permission determines whether a user or role has the ability to define, configure, or apply new masking rules and policies for PII data within a system. This permission is critical for ensuring that masking is implemented securely and consistently across sensitive data.
Edit	The Edit permission allows users or roles to modify existing masking rules, policies, or configurations related to protecting PII data. The permission ensures that only authorized personnel can update how sensitive data is masked, balancing flexibility with security.
Delete	This permission allows authorized users or roles to remove existing masking rules, policies, or configurations. This permission is critical and must be tightly controlled, as deleting masking rules can expose sensitive PII data, and impact with compliance with data privacy regulations.

Creating Masking Template

This section gives you an overview on creating a Masking Template using the following two screens:

Overview
Masking Details

Entering Overview Details

On the Launchpad, click on All Settings under the Settings option on the Platform Modules section.

2. On the Platform Settings screen, click Manage Customer from the left panel and then click Masking.

3. The Masking Templates screen lists the templates shared with the user. Based on the granted permission, you can Create, Edit or Delete a template by clicking on the three dots next to the template.

4. Click on + Add masking Template. The Create Masking Template screen is displayed.

5. Enter the Name of the Masking Template.

6. Enter a brief description of the Masking Template in the Description box.

7. Toggle the Enable for voice Channels to enable the masking for voice interactions. This toggle remains disabled if the masking is enabled for digital messages.

8. In the Message Conditions section, you can define various conditions based on which messages are filtered that require masking.

Where: Depending upon whether the Enable for voice Channels toggle is enabled or disabled, various options will get populated in the Accounts drop-down. Select Attributes, Operator, and Values. If enabled, voice accounts will get populated, else digital social accounts will apear in the dropdown.
Note: t is mandatory to select atleast one Account from the Select Values drop-down list.
+ Add Condition: Clicking on this will populate another row of filters next to AND to Select Attribute, Operator and Values. You can select one of the following attributes from the Select Attribute dropdown:
- Message Type: Defines the type of messages you want to mask.
- Channels: Masks messages from a specific channel.
- In Fan Post: Marking it True will mask the Fan messages. Marking it False will mask the Brand messages instead.

9. Using User/User Groups drop-down, you can select the user or user groups with whom you want to share the masking details.

Entering Masking Details

Perform the following steps to select the preferred type of masking and the various approaches.

Under the Approach section, enable the AI Based toggle to involve the use of artificial intelligence to automatically identify and obscure sensitive information within user-generated content, or enable the Regex Based toggle to identify and obscure sensitive information by matching specific patterns in text.
Select a condition from the Mask after time dropdown that determines when to perform masking.
Select a masking character from the Masking Character dropdown.
Select the Type of Masking, Permanent or Conditional.
Under Additional Settings, enable the Mask Audio toggle to mask the audio along with its transcript.

The following table provides information on the parameter names and their description available on the Masking Details screen:

Parameter Name	Description
Approach	AI Based: These techniques ensure privacy, compliance, and security across customer interactions. AI Based Masking is supported for English, French, Italian, German, Arabic and Urdu languages. Once the AI Based toggle is enabled, you can view the following two options: Entities: Following is a list of fifty entities supported in AI-Based Masking PREFIX – Prefix PHONEIMEI - Phone IMEI USERNAME - Username GENDER - Gender URL - URL JOBAREA - Job Area EMAIL - Email JOBTYPE - Job Type COMPANYNAME - Company Name JOBTITLE - Job Title STREET - Street SECONDARYADDRESS - Secondary Address COUNTY - County AGE - Age USERAGENT - User Agent ACCOUNTNAME - Account Name ACCOUNTNUMBER - Account Number CURRENCYSYMBOL - Currency Symbol AMOUNT - Amount CREDITCARDISSUER - Credit Card Issuer CREDITCARDNUMBER - Credit Card Number CREDITCARDCVV - Credit Card CVV PHONENUMBER - Phone Number SEX - Sex IP - IP Address ETHEREUMADDRESS - Ethereum Address BITCOINADDRESS - Bitcoin Address MIDDLENAME - Middle Name IBAN - International Bank Account Number VEHICLEVRM - Vehicle VRM Code DOB - Date of Birth PIN - Credit Card Pin CURRENCY - Currency PASSWORD - Password CURRENCYNAME - Currency Name LITECOINADDRESS - Lite Coin Address CURRENCYCODE - Currency Code BUILDINGNUMBER - Building Number ORDINALDIRECTION - Ordinal Direction MASKEDNUMBER - Masked Number ZIPCODE - Zip Code BIC - Bank Identification Code IPV4 - IPV4 Address IPV6 - IPV6 Address MAC - MAC Address NEARBYGPSCOORDINATE - GPS Coordinate VEHICLEVIN - Vehicle VIN EYECOLOR - Eye Color HEIGHT - Height SSN - Social Security Number Exempt Words: These words are recognized by the AI as non-sensitive and are allowed to remain visible even if they resemble entities typically masked (For example, names, locations, or numbers). You also have an option to add an attachment either in the form of csv or xls. Regex Based: This masking technique refers to the use of Regular Expressions (Regex) to identify and obscure sensitive information by matching specific patterns in text. This technique provides a precise and customizable way to detect personally identifiable information (PII) like phone numbers, email addresses, credit card numbers, or other sensitive data formats. For example, a regex pattern for a credit card could be consecutive 16 digits. Here are few examples with some common regex: Example 1: n digit consecutive number in a message. Regex - \b\d{n}\b The message is "My phone number is +91 1234567890", then the regex \b\d{10}\b will identify 1234567890 as PII. Example 2: Credit Card Numbers in the format XXXX-XXXX-XXXX-XXXX. Regex - \b\d{4}-\d{4}-\d{4}-\d{4}\b The message is "My credit card number is 1234-5678-1234-5678", then the regex will identify 1234-5678-1234-5678 as PII.
Mask after time	Select the condition that determines the time to perform masking. From the dropdown, you can select one of the following: Message Creation Time: Refers to the timestamp at which a message or piece of content is created or received in the platform. The masking gets triggered after this. Call Disconnect Time: The Call Disconnect Time in PII Masking refers to the time period after a call has ended during which any data associated with the call is masked or removed from the system. This parameter ensures that sensitive data, such as phone numbers, credit card details, or personal information shared during a conversation, is not stored in logs or recordings beyond a defined time frame. Note: Call Disconnect time is only relevant for calls which are made on the platform. This functionality will not work for imported calls. Trigger On-Demand: Sometimes if you want to use the Create Masking Template to manually trigger masking in some cases through Rule Engine, then you can use Trigger On-Demand. Masking templates can be triggered through Case Update rules. To execute a masking template In Case Update rule, Create an Action box and go to "Action on Universal Case" Search for the action - Execute Masking Configuration Select the PII masking template. Only those templates where Mask After time is selected as Trigger On-Demand will show in the dropdown.
Masking Character	A Masking Character refers to the symbol or character used to replace sensitive portions of data to ensure that personal information is protected while retaining the overall structure of the data. For example, if an email address johndoe@example.com is masked using a masking character , it might appear as *doe@********.
Type	There are two types of Masking that are supported in Sprinklr: Permanent: Refers to the irreversible process of obfuscating sensitive information (such as email addressses, phone numbers, or other Personally Identifiable Information) so that the original data cannot be retrieved or restored after masking. Note: Once permanent masking is applied, the data cannot be unmasked. Ensure thorough testing and alignment before enabling this feature. Conditional: Refers to the process of masking information based on predefined rules or conditions. This ensures that Personally Identifiable Information (PII) is masked only when certain criteria are met, allowing for more dynamic and context-aware data protection. For example, if you want to mask a certain data but you also want certain users in the platform to get a view of that masked data, like in legal cases, where a legal team can access certain part of a call when a lawsuit is filed by the user.
Additional Settings	Mask Audio: Parts of an audio recording containing sensitive information (For example, names, phone numbers, credit card details) are automatically detected and masked with beep sounds, during or after the conversation, if the Mask Audio toggle is enabled. Additionally, visual markers appear on the recording timeline to highlight these masked segments, aligning with the PII-masked segments message in the Case Analytics view. Note: You get this option if the Enable for voice Channels toggle is enabled under Overview. However, this option is not visible in case the toggle is disabled. Access to Masking Audio for certain segment is controlled by the dynamic property. To enable this feature in your environment, contact your Success Manager. Alternatively, you can submit a request at tickets@sprinklr.com.

Performing PII Unmasking

Perform the following steps to unmask PII:

Create a rule. Under Change Properties of Message, select the Search Pattern and Take Action and set the value to Yes.
In the associated Text field, input the specific regex pattern representing sensitive information that you wish to unmask in digital and voice conversations.
Once you've defined the pattern, click Add Action. From the list of actions, choose Unmask PII entities. This action will identify any masked sensitive information matching the specified pattern and unmask it accordingly.
Click Save.