All Modules - Ability to Hide Sensitive Data from Person Profiles
Grant Towers
Currently, all persons who have 'Read' access within any INX module can see the sensitive personal data (in the Person Details tab) for the people they have access for.
With greater legislative requirements in relation to the collection, storage and security of personal data (as well as obligations on organisations to be able to report a potential access and/or worse - a breach), organisations need to look at the data being stored.
The fields I am referring to are:
General: (most are needed, propose that DOB is hidden - only Admins need to see this)
Salutation, First Name, Last Name, Lookup Name, Employer, Supervisor, Network Username, Workgroup, Employee ID, Gender, Date of Birth, Mine Health Number
Additional Information: (custom fields I thin could be hidden)
USI Number (Custom Field - but I think many with InTuition would use it)
Work Contact Details: (agree these are needed)
Phone, Mobile, Fax, Onsite Contact, Email
Emergency Contact Details: (I believe these should all be hidden - unless Admin)
Contact Name, Relationship, Home Phone, Mobile, Address, Suburb, State, Post Code
Additional Contact Details: (I believe these should all be hidden - unless Admin)
Home Phone, Personal Mobile, Home Fax, Offsite Contact, Street Name, Suburb, State, Post Code
Request for Change:
I am requesting a number of different changes - one or more of these may address, but only for consideration:
- In the web UI - Hide all Sensitive Data (outside of the General Fields) to non-Administrators;
- In the web UI - Change the text to only show "xxxxx" where data is recorded for non-Administrators;
- In adhoc reports - remove the ability to report on 'sensitive fields' (IE modify the existing standard adhoc reports);
Separately, I also believe that the data should also be masked in the DB.
Swathi Murali
Thank you for your request. We have begun our initial investigation, focusing on the +Process module. I will share updates as we make progress.
Swathi Murali
Merged in a post:
Sensitive Fields
Renae Aitken
The sensitive field option in InFlight doesn't expand to the other modules. Considering the Personal Details Tab on a profile is a shared table across all the modules, If we hide sensitive fields in InFlight they should be hidden across all modules. The sensitive field option should have ability to hide emergency contact details and the additional contact details fields plus be customisable for any custom fields. We should be able to set the hidden fields to be viewable by security level, especially for Administrators or System Administrator but hidden from all other security levels. The same goes for the option to hide sensitive fields in app settings, we would like to be able to hide fields from all users except Admins and/or Sys Admins.
Ben Borin
unplanned - open for votes
Addy Ingham
Support this and would like to add the removal of the DOB from the event report PDF which is produced for all "event readers"