Implemented Suggested 8/24/2021 by Berend Lantink

12

votes

Remove sensitive data in reply

Situation
Our customers send us messages. Sometimes that can include sensitive data, like passwords.

How we handle it now
1. The Technician assign the ticket to an Administrator.
2. The Administrator removes the sensitive data and assign it back.
3. The technician handles the ticket.

However, the data is still available in the edit log.
(but not send back by mail)

Wished for situation
1. The technician removes/censors the sensitive data himself via a censoring function.
2. The technician handles the ticket.

Note
1. We understand that it is undesirable to give a technician the right to edit a ticket.
Censoring by replacing part of the sensitive data seems to us to be the best option. 

2. There should be no log with the sensitive data.
It's fine when the ticket gets a mark that it's edited.
security

avatar
Alex Tech
The editing log is shown to technicians only, but we'll add an option to remove it, if the ticket is being edited by administrator.

Adding an option to edit a ticket by technician is tricky though, I predict a big backlash from customers who wouldn't want this.
10/21/2021 9:28 AM

Log in to comment...
get help Get help for this page
Powered by Jitbit HelpDesk