Personally Identifiable Information & Privacy Compliance

Updated 

5 months ago

Data privacy could be a concern while dealing with the personal information of the user's data. Sprinklr is already compliant and listens to only publicly available data, but different organizations might have different sets of rules for viewing or sharing PII. Sprinklr provides you with multiple features to ensure your Brand’s compliance with the General Data Protection Regulation (GDPR) and other external/internal data regulation policies, thereby, inculcating data safety best practices in your work environment.

As a user of social media data through Sprinklr, you might have the following concerns –

  • How do I ensure that my team and I do not view or share sensitive information accidentally or otherwise?

  • My organization belongs to one of the public sector organizations. Can the platform be made compliant with Twitter’s strict rules for such users?

  • My organization has specific rules for hiding personal information. Can the platform be customized for my specific compliance use cases?

To answer these questions and more, this article will take you through Sprinklr's compliance features and how you can customize your environment according to your organization’s compliance needs.

Masking and unmasking of Personally Identifiable Information (PII)

Any Personal Information which can be used to trace a mention back to a certain user is considered PII. The dimensions in the platform which are masked to achieve this are given below –

  • Profile Name

  • Profile Image

  • Permalinks/Message URLs

  • Sender User Id

  • Sender Screen Name

  • Sender Listed Name

  • Sender Profile Image URL

  • Sender Profile Link

  • Receiver Id

  • Receiver Screen Name

  • Sender Email

You now have the flexibility to mask sensitive profile data points that you deem necessary, excluding those which agents may use while engaging with customers, such as customer names.

Note: Hashtags are masked in API response by default.

Once masking is enabled in a client environment, PII in Listening data is masked across the platform in the following areas –

  • Listening Insights

    • Listening Dashboards

    • Exports

    • External API

    • External Links

      Note: For external links, the Hide PII Data option can be used to mask the data in a specific external link. This only becomes visible if PII masking is enabled in the client environment.

  • Listening Explorer (Quick Search, Trending Topics, Smart Quick Insights)

  • Display & Presentations

  • Mobile App

  • Engagement Columns

  • Case Columns

  • All Alert Emails 

  • Drilldown and Third Pane

  • Scheduled Reports

  • Scheduled Exports

  • Widget builder preview

  • Smart Theme Explorer & it is right pane stream

  • Benchmarking (Fan Comments)

  • Media Insights

    • Story Dashboards (Standard & Custom)

    • Newsletters

    • Stories Dashboard (under Overview & Social sections)

    • Exports

    • External API

    • External Links

    • Third pane and drilldowns

According to your specific compliance requirements, some custom configurations can be made. These configurations need to be specified at the time of requesting the masking enablement through a support ticket.

The possible configurations are –

  1. Earned v/s Owned Data Masking: In cases where a client does not want the masking of owned data i.e. mentions where a user has engaged with the brand on social media, a custom configuration can be made so that only earned data is masked in the platform.

    Note:

    Definition of Engaged User: If any message is ingested via an owned account (accounts added into Sprinklr), the sender and receiver of the message are classified as engaged.

  2. Exports and External Links: In cases where a client does not want PII data masking in any UI element, but only in external links and exports shared.

    Note: This enablement will mask PII data in all platform components as defined in section 2 (Platform Areas).

  3. Source-specific Masking: In cases where PII for one data source is masked but is visible for all other sources.

    Note:

    Use case: This can be done for a source’s compliance rules like Twitter for public sector organisations, once enabled – PII for messages from Twitter will be masked, for all other social channels, PII will be visible).

  4. Message-level Data Masking: In cases where complete message text or a part of the message needs to be masked.

    1. Complete PII Masking: In cases where complete message text needs to be masked. If this is enabled, all messages will be masked with template text - "Data restricted due to privacy compliance"

      • In order to unmask this type of masking for a user, the following steps can be followed to provide the right permissions:

        • Launchpad > Roles & Permissions > New Role > Permissions > PII Compliance > Remove both 'View Unmasked PII Data' and 'View Message Text' permissions

    2. Regex Pattern Based PII Masking: In cases where some patterns of message text need to be masked e.g. Account numbers, Phone numbers, Email IDs. If this is enabled, the given fields appear masked with an overlay of X’s

      • In order to unmask this type of masking for a user, the following steps can be followed to provide the right permissions:

        • Launchpad > Roles & Permissions > New Role > Permissions > PII Compliance > Click on 'View Row Level PII Data' permission

      Use cases

      • Sensitive data like Account numbers, Phone numbers, Email IDs are masked with an overlay of X’s.

      • Twitter Compliance: For high risk level users, all Twitter mentions in platform appear with the overlay – This message is masked due to Twitter compliance for public-sector users.

Now that you know all this, are there any configurations you think should be enabled in your Sprinklr environment? If yes, just follow the steps given below –

  • Contact your Success Manager requesting the specific configuration of PII Masking you are looking for.

  • The Success Manger will discuss the use-cases for PII masking and any custom configurations with the Product Management team.

  • A detailed support request will be raised by the Success team to enable PII masking for the customer at partner level (masking cannot be enabled for a single workspace).

  • A separate support request is required for masking historical PII data.

  • Click the New Tab icon. Under Platform Modules, click All Settings within Listening.

  • On the Platform Settings window, search and select Workspace Roles. Click Create Role to create a new role. 

  • To add permission to an already existing role, click the Options icon preceding the role, and click Edit.

  • In the Select Users section, search and select the user(s) who will be having this permission.

  • In the Select Permissions section, search and select View Unmasked PII Data or View Message Text permissions based on the use-case. Click the + sign next to the permission to add it to the current role. The permissions can be given to achieve different levels of masking for different types of personas/user roles:

    Permission Name

    View Message Text

    True

    False

    View Unmasked PII Data

    True

    No masking

    Whole message masked 

    False

    PII / Regex based masking

    Whole message masked 

  • Click Save at the bottom.

Additional notes

  • Demographic dimensions like gender, age, profession, etc., can be plotted in widgets but drill-down into users or conversation streams will not show PII data.

  • All profile-related actions can be done – add to profile list, create profile/ domain-based topics, etc., however, users with no access to restricted data will not be able to locate the PII data of the users.

  • Engaging on messages for supported channels from Listening (via the third pane) is not supported because Engagement on masked/ unknown profiles blindly does not align with the scope of the feature.

Was this article helpful?

Related Articles

Loading...