Answer Bot dataset: grant Admin access to delete sensitive data from "Answer enquiries" attribute
There's an attribute in the Answer Bot dataset named "Answer enquiries," which shows exactly what users typed to Answer Bot in the Messaging widget.
Users can potentially send sensitive and/or PII data such as credit card numbers and social security numbers to the bot, and there currently is no way for Admins to know that's happened or to redact that data from Explore.
Even if the enquiry later became a ticket and that data was redacted on the ticket itself, the PII is still displayed in Explore reporting. That's a security problem.
Ideally, the solution to this would have two components:
- Give admins a tool to monitor the inadvertent collection of potentially sensitive data via Answer Bot, such as an alert that fires when an enquiry meets certain conditions (my SS# number is ___, my credit card number is ____, etc).
- Give admins a tool to permanently delete such content from Explore, so that this data no longer populates in queries that includes the "Answer enquiries" attribute.
Until Admins have a tool to manage this data themselves, fixing this issue requires regularly downloading and manually reviewing all enquiries, then submitting a ticket to Zendesk Support to have them delete any sensitive data from their end.
Please sign in to leave a comment.