Ability to prohibit merging of tickets across organizations
Hi, we think it a good idea to restrict merging of tickets from different organizations. Mostly to prevent human error, as one of our agents accidentally merged two tickets from different companies. An easy mistake when ticket numbers are similar, but sadly for us it meant that details for company A were passed to company B. We can't see a reason in our business where we would need to merge tickets from different organizations so would like to have a setting that allows us to prevent this - could even be a permissions thing that is blocked at agent level, but allowed by admins?
This is a major ISO27K issue as if two diffrent organisation tickets were accidently merge confidential data would be accidently shared. We have had tickets shared accidently before and its easy to do but an option for us to set "do not allow merge tickets between diffrent organsiations" would be useful. As it is the merge functionality is useless without this as the risk of accidentasl ticket merge is to great
This is a serious problem. If we cannot prohibit by organization, is it possible to disable merging tickets entirely?
We had similar issues. On the Enterprise plan, you can create roles and disable merging altogether.
However, we would like the agents allowed to merge to STILL be restricted if the organizations are different (or at least a soft stop and reminder) so +1 from us!
I would like to bump this as we have had an issue today of a similar nature and it could be a contract breach in certain circumstances. Surely Zendesk has an obligation to develop this to protect's it's clients and subsequently the data of any person that interacts with the software.
Can there please be a response from Zendesk admin over this issue?
+1 - as per previous commentators, it would be good to see a reply from Zendesk on this feature.
At the very least a warning should be displayed, if not outright prohibited.
We would also find this very useful.
after sending an email to Zendesk support, i've got this answer:
Thanks for contacting Zendesk's Customer Advocacy team. I completely understand your concern regarding the ability to merge tickets between organizations. Building functionality to prevent that sort of behavior is a bit more complex and hasn't been completed as of yet. The community post is a feature request for that functionality. We have documentation on how the ticket merge functionality works here.
I'm happy to mark this ticket as product feedback and pass it along to our product managers to review to see if they can take this into account when developing the product in the near future.
Hope this helps. Let me know if I can assist further,
What can I say ... such a security and privacy is a "feature request" ?
email on that matter was just sent to Mikkel Svane (Zendesk CEO)
I want to chime in here as well. We are in the same boat as everyone else, GDPR is the primary concern obviously but we also have client-facing reputations to consider, as I am sure do everyone else. We work in a multi-branded environment, so accidentally merging tickets from multiple brands together (even if the same end-user) is potentially disastrous.
As others have rightly outlined, this should be considered a security risk, rather than a feature request. There is no way to 'undo' a merge, and so leaves us wide open for our customers (who may be in competition with each other) to access the PII of another, should an agent accidentally merge 2 tickets from different accounts.
+ 1 here
Either we should be able to prevent the issue or to correct it, but it's not acceptable to be blocked either way...
This is a major problem and has just created a GDPR breach.
Just yesterday a colleague of mine managed to merge several requests from different companies.
This should be dealt with as an urgent security fix, not a minor "feature request"
Agreed, this just happened today by accident and two customers from different organizations were replying to the same ticket. Definitely an issue that should be able to be controlled.
Where is a response from Zendesk?
I don't this that +1 is the issue.
This is a critical bug that can be a life changer for Zendesk, it can't be that Zendesk have not thought about it.
Thanks @Nicole. We've just had an incident where this resulted in customers receiving emails they should never have had. This is a major concern for us especially as we're in the UK and have to comply with GDPR.
I appreciate that not many people have voted for this issue but given the potential dangers and it's importance with regards to people's data I think it warrants a high priority. Plus I would assume it's not a particularly difficult issue to solve.
Did you get any response from the product team?
Thanks Nicole, GDPR, Mandatory data breach reporting (in some countries) and organisation reputation risks are all really important considerations for businesses servicing multiple clients with a solution such as Zendesk. The risks of a data breach could be minimised by tighter restrictions around ticket merging. I will take your advice and contact firstname.lastname@example.org and encourage others to do the same.
Agree this request would be very useful. We just had a ticket merged incorrectly into a different organisation's ticket and this had the potential to expose data that it shouldn't have. This then has implications for privacy reporting both here in Australia and GDPR.
Hi, i add my vote to the bucket.
Just yesterday a college of mine managed to merge several requests from different companies.
Depending on your customer group, this can be the end of your company, imagine merging requests from two high stakes competitors...
This feature request might not have many votes but the frequency of use of your community page should not prevent you from implementing important features, that should have been standard in the first place.
But i am willing to "bump" it into recent topics once a week, so it might get the views and votes.
Feature request from 2012 that just now reached the "planed" stage are not very reassuring.
For the time beieng we will have to deactivate this feature.
I'm adding to this thread in an effort to see this pushed along. We had an issue, and not allowing people to merge by different organizations (or custom field) is huge for us.
This is extremely important. It should be considered a security fix rather than a feature. Please add me to the growing list of users who need this.
Upvoted as well - For our use case, we request three features to assist with merging across different requesters/orgs, etc:
- As is echoed in this thread, it should not be possible to merge tickets across brands, or at least there should be a warning. Brand integrity is critical to our business, just as org/requester integrity is critical to privacy.
- If that is too complicated to build, can we at least be able to configure whether you want the requester to see the merge by default. It automatically checks the box to allow the requester to see the merge as a public comment, creating the notification. If this simple feature was configurable to not default to sending an email, then an erroneous merge would at least not alert the customer and the agent wouldn't have to make two clicks in order to merge.
Added a +1
I would agree this is definitely an issue that the Zendesk development Team needs to resolve as we have just had a problem with merging tickets which could have caused data sharing breach.
It needs to be addressed with immediate urgency.
Today it happened again... A Tech confidently clicked on Merge without realizing that it was cross customer.
And now the cries to turn off the merge feature are becoming louder again. Combined with Zendesk Talk, this ist a great way to increase workload.
Anything new on this 6 year old feature request for a function that should have been standard from year one?
I cant see how difficult it could be all we are asking to do is check that the organisation fields = the same company on each ticket before allowing a merge - that should be standard. Until such time we have had to ban it from use
Blocking this would be an acceptable solution--my initial thought, and preferred solution is to simply have a warning dialog pop up when I try to merge across organizations. It's not going to happen a lot, but seems like an important security measure since it can be bad if it does happen.
Zendesk should give us the option to warn or prevent tickets from being merged if the requester or the organization are different on the tickets being merged. Good thing Zendesk isn't handling Hawaii ballistic missile alerts.
And I as well will +1 this. I just fielded an email from a customer who was very upset that his system down information was being shared with another unrelated customer - and we did not notice the automatic CC from the incorrectly merged alert until hours later, when the other customer said, "Guys? I don't think these emails are meant for me." This is, to my mind, not a feature enhancement but a security bug that needs to be addressed ASAP!
Zendesk need to get this sorted out, an easy way would be to display the Ticket organisation of the two tickets you are about to merge, surely that would not be to hard do
Had an issue where agent is confident they "Clicked" on the right ticket number to merge but merge occurred with a different ticket and un-related organization. If zendesk had a feature to prevent merging two tickets that were not from the same organization that could be turned on that would be fantastic and would have prevented the case mentioned above regardless if it was a bug or human error!
Added a +1 to the original post.
This is a high priority incident that needs to be addressed immediately. Sharing client data with other organisations because of an accidental merge is a massive breach of privacy and security policies and in violation of GDPR guidelines.
I can not think of a single good reason why tickets from different organizations should be allowed for merge and should not be possible, and the "Suggested Tickets" in the Merge dialog should not even display ticket ID's for different organisations.
@Oren - Did you get any further response? I agree, not sure how security is a feature request and not a high priority. For organisations that support multiple customers this is one real product weakness within Zendesk.
@Zendesk community managers - is any work being done on this or at least workarounds?
Bitte melden Sie sich an, um einen Kommentar zu hinterlassen.