
PII Handling in Experience Management

Personally Identifiable Information (PII)

Most businesses collecting feedback from their customers care about the sensitivity of any PII data that is collected and stored along with the customer’s feedback. Additionally, there are concerns around the handling of PII data in the context of running a compliant business.

In such cases, the ability to restrict PII data storage, or to store it in ways that do not expose it to certain users such as vendors, partners and external support teams, is useful. Experience Management allows certain data (question types) to be marked as PII in its questionnaires. This data, being part of customer feedback, could come from a customer-facing question or a pre-fill question.

Marking a question as PII will further allow admins and users to decide how to manage this PII data. This includes:

How to mark a question as PII?

In Experience Management, specific question types are allowed to be marked as PII. Only once a question is marked as PII can users decide how to handle this data. The questions that can be marked as PII are:

To mark any of these questions as PII in a questionnaire, users can go to the question in the questionnaire and find the option “Mark as Personally Identifiable Information (PII)” under the Question Settings tab in the right panel.




Once marked as PII, users can then decide how to handle this PII data using one of the available options.

1. Hashing PII Data

Hashing is the most compliant way of handling PII data and is also the default setting for all questions marked as PII unless changed otherwise. Hashing ensures that PII data is NOT stored in the Experience Management responses database.

PII data can be hashed using one of the available hashing algorithms: SHA 256, SHA 384 or SHA 512. The algorithm to be used for hashing needs to be defined at the questionnaire level to ensure all data marked as PII for any given questionnaire is handled consistently. It is strongly recommended that the same algorithm is used across all questionnaires as well, unless there is a good reason not to do so.

Users can select the desired hashing algorithm for any questionnaire in the Questionnaire Settings tab in the right panel.




Apart from configuring the hashing algorithm for the questionnaire and setting the question marked as PII to hash using the algorithm, the admin will have to ensure the hashing algorithms are set up correctly in the partner hosted module for dispatching invites. More information on this is available in the Partner Architecture Guide.


IMPORTANT – After selecting a hashing algorithm and enabling hashing for questions marked as PII, it is important to ensure the partner or vendor responsible for sending out invites to surveys has configured this correctly. In the rare scenario where the required hashing algorithms are not set up correctly in the partner hosted module, Experience Management will use the default hashing algorithm sha512 to hash questions marked as PII that are set to hash data.

To see how a lookup of hashed data works in Experience Management, let’s say a user wants to look up a staff member’s NPS, but the staff member’s name is marked as PII and hashed using SHA256.

In this case, after converting the <text> to lowercase, the response will be hashed using sha256:<text>. Note that converting the <text> to lowercase is important because hash values change with letter case; you can’t do a case-sensitive search when the values are hashed.

For example:

  1. John Doe (63d65bfe030ff5cbaac27bb8c9215bf7b1c635b3a8ed7ee9ad45eccf9e4b2e2f)
  2. john doe (c2713b62c903791bdefc5a6a99df04d4330de491bbc7a0ca6a5007337e4a6028)

Both result in different SHA256 hashes due to the difference in case, so it’s recommended to hash only after converting to lowercase.

Limitations:

A limitation of Experience Management with hashed data to keep in mind is that search and filters cannot be used with partial data. For example, if the PII is stored without hashing, users can search for John or apply a filter such as contains “John”; however, if the PII is hashed, they will not be able to search using partial data and will have to search for “John Doe”.


2. Masking PII data

Enabling masking of PII data will allow the data to be stored in the Experience Management responses database, but ensure that it is not readable by any user of Experience Management other than the admin. Users of Experience Management in this case will see the PII data masked with “x”, making it difficult for such users to figure out the actual data.

For example, an email marked as PII and set to mask will be visible as ‘johndxxxxxsco.com’ instead of ‘johndoe@cisco.com’ across all modules of Experience Management.

IMPORTANT – A lookup of masked data is possible when users need to search for responses for a specific customer; in that case they already know the PII data, which can then be used to search and look up responses. However, drill down in widgets will not be available for such data used in widgets.

To enable support and troubleshooting by some users, admins can provide temporary access to masked data for a limited time period to these users. Admins can do so under Users in CX Setup » Account Settings for each user or provide access to multiple users using bulk actions for users.

When enabled, these users will be able to view unmasked

You can allow a user to view data without masking for a while. You can also specify the time until which they can view your data without any restriction; this is part of the user’s settings.


3. Store PII data

This option should be used carefully for PII data, keeping in mind all compliance requirements: choosing to store PII data applies no additional restrictions to it, and the data will be stored in the Experience Management responses database as it is.



In Question

{
    "id": "5e254f39f482c5f528a0e4cf",
    "user": "demo",
    "piiSettings": {
        "isPII": true,
        "piiType": "mask",
        "exceptionBy": null,
        "exceptionAt": null
    }
}

piiSettings.isPII - If true, identifies this as a PII question.

piiSettings.piiType - Available options: Mask / Hash / None.


When a user changes the piiType from hash, that action is saved.

piiSettings.exceptionBy - Last user who changed it.

piiSettings.exceptionAt - When the user changed it.


In User

{
   "userName": "demo",
   "restrictPIIData": true,
   "allowRestrictedDataUntil": typeOf(Datetime)
}

restrictPIIData - If TRUE, mask data for the questions marked as PII in response.

allowRestrictedDataUntil - If set, show responses for questions which are marked as Restricted Data and PII.


Questionnaire Wise Config for Hashing Algorithm

hashPIIBy - If specified, hash the response on collection with the specified algorithm (e.g. sha256, sha384 or sha512): after converting the <text> to lowercase, hash the response in the format sha256:<text> or sha384:<text>.

Fetch account setting (GET: api/settings) to determine whether the Questionnaire has been migrated.

{
     "locationDataMigrated" :  true
}

If migrated, fetch the questionnaire config for that specific survey questionnaire (GET: api/surveyquestionnaire) and identify the hashing algorithm:

{
     "name"  : "Demo Survey",
     "hashPIIBy"  :  "sha256"
}

If not migrated, get it from settings:

{
     "locationDataMigrated"  : true,
     "locationList" : [
          {
               "name" : "Demo Survey",
               "hashPIIBy" : "sha256"
          }
     ]   
}