Customers sometimes enter sensitive information such as credit card numbers, social security numbers, passwords, attachments. or other sensitive information in tickets when they shouldn't. In addition to being visible to anybody with access to the ticket, the sensitive information automatically gets stored in a database with the rest of the ticket.
This article contains the following sections:
About ticket redaction
Admins and agents in custom roles with permission can redact, or remove, sensitive information found in ticket comments and attachments so that your account stays secure and compliant. This helps keep confidential information out of Zendesk. On plans without custom roles, agents with permission to delete tickets can also redact.
- In the standard agent interface, you can use the Ticket Redaction app to redact personal data in ticket conversations. To download, install, and use the app, see Ticket Redaction app in Zendesk Marketplace.
- In the Zendesk Agent Workspace, you can use native ticket redaction to redact personal data. You don’t need to install a separate app. This article describes how native ticket redaction works.
Native ticket redaction works on:
- Side conversation emails, child tickets, and Microsoft Teams messages
- Social messaging channels enabled through Sunshine Conversations
- Web and mobile messaging
- Ended chat conversations from the Agent Workspace
- Public comments
- Internal notes
- Images (attached and inline)
- Attachments (with some limitations)
- Content in archived or closed tickets for email, API, and webform channels
- Tickets created through the Sunshine Conversations SDK.
Ticket redaction does not currently support redaction of entire tickets. Also, Zendesk recommends redacting content before merging tickets. If you redact content in the original ticket after it has been merged with another ticket, the redacted content will be removed from the original ticket, but not from the merged ticket.
If you redact a Zendesk message or a message created via the Sunshine Conversations SDK, the Support ticket interface shows the redacted areas of the messaging conversation, all within the context of the unredacted content. From the customer side, the entire message is deleted.
Redaction events are noted in a ticket’s event log so customers can be aware data has been deleted. In addition, when you redact ticket content, a redacted_content tag is automatically added to the ticket. When you redact ticket content, this causes an update to be made on the ticket using the same channel associated with the content that was redacted. For example, redacting a WhatsApp comment from a ticket. This behavior can cause triggers to fire if your trigger conditions are set to look for updates on a specific channel.
Ticket redaction limitations
- Messages in an active messaging conversation or chat
- Messages stored in the Answer Bot service
- Channel framework-enabled tickets
- Tickets created from Mobile SDK
- Tickets created from Slack Business Connect
- Slack side conversations
Additional limitations include:
- Redaction for messaging tickets does not work for messages created before April 2022. If the ticket contains sensitive information, the tickets will have to be permanently deleted.
- When you redact a ticket comment sent from an email channel, Zendesk does not redact the content of the original email.
- When redacting a ticket, the underlying conversation is not edited on the social messaging platform and third-party integrations. It is redacted only within Zendesk-controlled systems. This also means that an end user, depending on how they communicate with your agent, may still see unredacted content themselves when accessing a message through different channels. For example, in Facebook Messenger or a 3rd-party Chat bot.
- Redaction of messages exchanged between Answer Bot and end users is not supported.
- If triggers are configured prior to redaction taking place, redacted content may persist in the channels launched by these triggers. For example, email conversations.
- Ticket redaction for the Chat history may not be instantaneous and may be delayed by up to 10 minutes due to database replication.
- Bulk redaction is not supported.
Redacting ticket content
To redact ticket content
- Open a ticket and scroll to the conversation thread that contains the content you want to redact.
You can only redact content in one thread at a time.
- Hover your mouse over the thread to display the options menu icon ().
- Click the options menu icon () and choose Redact.
A redaction pane appears.
- Select the content you want to redact, then click Mark for redaction.
The content you want to redact is highlighted.
- Continue to select content to redact and Mark it for redaction.
You can include multiple text strings, attachments, and images as part of the same redaction.
If you mark something for redaction by mistake, click the content and select Unmark for redaction.
- When you’ve finished selecting the content you want to redact, click Redact.
The ticket is updated with the redacted content. Ticket redaction is not reversible.
When you redact ticket content, a redacted_content tag is automatically added to the ticket. You can search for this tag to get a list of redacted tickets.
Redacting ticket content in side conversations
- Microsoft Teams
- Child tickets
- The redaction is only applied to the content in the side conversation. The content isn't redacted on the external channels on which it was delivered, such as an email or Microsoft Teams message.
- When you redact content on a side conversation child ticket, the redaction only takes place on the side conversation. You must seperately redact the content in the child ticket.
- The redacted_content ticket tag isn't automatically added to the ticket.
Side conversation redaction in the Agent Workspace:
Side conversation redaction in the standard agent interface:
What roles have permissions to redact? Where are these permissions set?
CJ Johnson Any admin with the Agent Workspace enabled can redact content. Agents must have permissions to delete tickets to redact content.
I can't seem to find where to initiate redaction. I have tried using a regular agent user-role, admin-role, and two different browsers (Professional Zendesk subscription).
Where/how can I activate the reaction-option?
Screenshot below is from Google Chrome, but same applies to Microsoft Edge:
The permission should be separate from the deleted ticket. I work in a HIPAA and PCI environment and would need all my techs to be able to redact but I do not want them to be able to delete tickets.
Reply to Tommy B
A couple items to check:
If you have checked these items above and still don't see the menu, contact Zendesk Customer Support.
@... if I redact an attachment that was sent by mistake to a customer, will it still be available for the customer to download?
Hi Lorenzo Testini
On Thursday, April 8, the Community is hosting an event on Getting to know Trigger Categories and Redaction in Agent Workspace in Support. From 11:00 am - 11:45 am CST, we’ll be showcasing how to use these new features and answering your questions on the topic. See this article for details.
@... Does this feature support SunCo channels in AW?
Thank you. For some reasons I get an error code when I try to access the article you linked (You're not authorized to access this page). Can you help me accessing the article?
Which link are you referring to? I went through the links Lisa shared but they all appear to be public as far as I can tell.
Let me know!
Slava Skorbezh Messaging channels (including SunCo) aren't supported, yet. But, this feature is on our roadmap.
it is indeed the link that Lisa shared I can't access:
If you can help me accessing it, I would really appreciate it.
Can you try accessing the article again? I believe there was a permissions setting that was preventing you from accessing it.
Let me know!
Thank you @..., it does work now!
This is great to add redaction to the app itself and not require an add-on. When will ticket redaction work on a Side Conversation email? Presently, if data is found that needs to be redacted in a Side Conv email already sent, we have to delete the entire ticket. It would be nice to be able to redact a portion in the sent Side Conv email just as you can in a public ticket comment.
Does manually redacting info from workspace also remove info from logs and database? I assume it does but I cannot find a statement clarifying this within the article.
Excellent question! The original content you redacted will persist in logs for about 30 days before being cleared out.
Let me know if you have any other questions!
Awesome Thank you @...
Is retaining this redacted data in your logs for 30 days compliant with GDPR?
Please see our Product Guides that detail how to permanently delete data using Zendesk, available here: Complying with Privacy and Data Protection law. Under Article 12 of GDPR, data controllers must inform data subjects about actions taken within a month of receipt of a request to erase data. Zendesk's functionalities, as described above, do allow our customers to comply with such requirement.
For further information, please contact our Privacy team: privacy@...
I hope this clears up any confusion!
Is there a way;
1- to limit agents not to download the attachments without redaction or deleting? Security issues are very strict nowadays because of GDPR in every country.
2-to limit agents workspace not to show the attachments to a specific role when the ticket is closed? Our goal is "to show attachements to admins or another specific role (teamleaders) "
Is there any plan to add this native ticket redaction as a trigger condition? We would like to tag these tickets with redacted content for follow-up.
We have added this as a feature request - anyone else want to be able to report on tickets where data was redacted?
Does the file of a redacted attachment remain in the ZenDesk database, or is it purged?
Upon checking on this, currently, there's no native way for us to limit agents not to download ticket attachments without redaction or deleting. Even limiting the attachments on closed tickets to admins or other custom roles. This might not be the best answer for this now, but our developers are constantly checking on room for improvements within Zendesk as a whole. We'll take this as a feedback from you. Appreciate this one!
Should you have concerns about GDPR, Zendesk customers can obtain further product information with regard to GDPR compliance in our GDPR Product Guides. If you cannot locate an answer to your question in our documentation, then you can contact email@example.com and we will try to respond to your question. Please note that this support may only be available in English.
On the "What's new in Zendesk: July 2021", in regards to redaction, " You can now redact content in social messaging tickets and native messaging tickets". I don't see that option available still?
That feature has been rolled out to all accounts that use the Zendesk Agent Workspace. Do you have the Agent Workspace enabled? If so, you should be able to redact content in social messaging and native messaging tickets. If you still don't see that feature, contact Zendesk Customer Support for help.
We got a weird case where the "Redact" option in Zendesk Agent Workspace doesn't help... :-( The attachment we want to redact appears in the quoted text of an incoming email, i.e. in the part which is hidden inside "...".
When we click the "Redact" option on that message, it only shows us the regular text of the message without the quoted text (and attachment), so we can't redact anything from there.
Is there something we can do?
That's indeed a weird one. I'm happy to investigate that further. Please expect an email about this shortly.
Is there a way to redact attachments of a Zendesk ticket by leveraging liquid scripting in a trigger? We have large number of attachments which should be redacted before the ticket status moves to "Closed" state.
We are aware that manual redaction the content/attachments from tickets is possible using Zendesk redaction app. However, because of the volume of the attachments that are to be redacted, we are looking for an automated redaction process which can be either by using triggers, macros, other scripting techniques. Any information or a direction to solve this issue is much appreciated.
There's isn't currently a way to do this – for visibility, I'd recommend creating a post in our Feedback on Support topic, using our template to structure your feedback. That will allow others to upvote and add their own use cases.
Please sign in to leave a comment.