You can take steps to secure sensitive information contained in your Zendesk, including:
Removing information from email notifications
The default triggers in Zendesk Support produce a variety of email notifications sent to users and cc's. The emails may contain information you don't want to make public. For example, if you're a HIPAA-compliant company in the U.S., you don't want personal health information to be accidentally sent in subjects or comments in the email. You can edit the triggers to remove the information from the emails.
To remove information from email notifications
- In Admin Center, click
Objects and rules in the sidebar, then select Business rules >
Triggers. - For each trigger that sends email notifications, click Edit.
- In the Email Subject or Email body of the trigger action, delete the
dynamic content placeholders for the ticket subject (
{{ticket.title}}) and comments, including any of the following placeholders:{{ticket.description}}{{ticket.comments_formatted}}{{ticket.public_comments_formatted}}{{ticket.latest_comment_formatted}}{{ticket.latest_public_comment_formatted}}
- Click Update Trigger.
For more information, see the Zendesk Support placeholder reference.
Making ticket attachments private
Attachments use links in Zendesk Support. Without enabling private attachments, any link found by an individual can be accessed without first authenticating into Zendesk. Enable private attachments unless there's a strong business reason not to. See Working with attachments in tickets.
Redacting credit card numbers from tickets
You can redact, or remove, digits from credit card numbers found in ticket comments or custom fields so that the numbers are no longer useful. See Automatically redacting credit card numbers from tickets.
Redacting other ticket information
If you have the Zendesk Agent Workspace enabled on your account, you can use native ticket redaction to redact ticket content. See Redacting ticket content.
4 Comments
Hello EM-COP Admin! First of all, welcome to our Community!
I'll go ahead and create a ticket for you so we can check this further. You should be receiving an email shortly! Thanks! :)
It is amazing that Zendesk offers native capability to redact any sensitive information from the ticket. However, it is manual and time-consuming to redact even as little as 10 tickets. Also, it is error prone and non-compliant if an agent misses redacting a message/attachment.
We, at Strac, have built a Zendesk Redactor solution which will automatically detect and redact messages/attachments. It will also redact portions of sensitive data in images/attachments. Please check us out here: https://strac.io
Hi there, does anyone know how we could restrict light agents from accessing certain attachments (such as quotations, PO's) while still being able to upload and work with photographs, for instance?
There is no option to restrict light agent permissions to specific attachments. Generally, Light agents can view tickets (including ticket comments and attachments), make private comments, request a ticket by private comments, be CC'd, add attachments, view user profiles, and apply macros.
You have an option to configure light agent ticket access and reporting permissions depending on the plan that you are on. This will allow you to restrict light agents' access to tickets within a certain group.
In the specific scenario you've shared, if it's possible in your workflow you can assign the tickets with certain attachments to a group and restrict light agents from accessing tickets within that group. More detailed information on how to configure light agents ticket access here: Configuring light agent ticket access and reporting permissions
Please sign in to leave a comment.