Ability to prohibit merging of tickets across organizations

46 Comentários

  • Adam Fronteras

    This is a major ISO27K issue as if two diffrent organisation tickets were accidently merge confidential data would be accidently shared. We have had tickets shared accidently before and its easy to do but an option for us to set "do not allow merge tickets between diffrent organsiations" would be useful. As it is the merge functionality is useless without this as the risk of accidentasl ticket merge is to great

    10
  • Steve Jones

    This is a serious problem.  If we cannot prohibit by organization, is it possible to disable merging tickets entirely?

    8
  • Heather Rommel
    Community Moderator
    The Product Manager Whisperer - 2021

    We had similar issues. On the Enterprise plan, you can create roles and disable merging altogether.

    However, we would like the agents allowed to merge to STILL be restricted if the organizations are different (or at least a soft stop and reminder) so +1 from us!

    7
  • Rory McCabe

    Hi,

     

    I would like to bump this as we have had an issue today of a similar nature and it could be a contract breach in certain circumstances. Surely Zendesk has an obligation to develop this to protect's it's clients and subsequently the data of any person that interacts with the software.

     

    Can there please be a response from Zendesk admin over this issue?

    6
  • Lucas Sutherland

    +1 - as per previous commentators, it would be good to see a reply from Zendesk on this feature. 

    At the very least a warning should be displayed, if not outright prohibited.

    5
  • Adam Hattrell

    We would also find this very useful.  

    5
  • Oren Gozlan

    after sending an email to Zendesk support, i've got this answer:

     

    Hey Oren,

    Thanks for contacting Zendesk's Customer Advocacy team. I completely understand your concern regarding the ability to merge tickets between organizations. Building functionality to prevent that sort of behavior is a bit more complex and hasn't been completed as of yet. The community post is a feature request for that functionality. We have documentation on how the ticket merge functionality works here

    I'm happy to mark this ticket as product feedback and pass it along to our product managers to review to see if they can take this into account when developing the product in the near future. 

    Hope this helps. Let me know if I can assist further,

    -----

     

    What can I say ... such a security and privacy is a "feature request" ?

    email on that matter was just sent to Mikkel Svane (Zendesk CEO)

     

    4
  • Tore Henriksen

    I want to chime in here as well. We are in the same boat as everyone else, GDPR is the primary concern obviously  but we also have client-facing reputations to consider, as I am sure do everyone else. We work in a multi-branded environment, so accidentally merging tickets from multiple brands together (even if the same end-user) is potentially disastrous.

    4
  • Kenny Fulton

    As others have rightly outlined, this should be considered a security risk, rather than a feature request. There is no way to 'undo' a merge, and so leaves us wide open for our customers (who may be in competition with each other) to access the PII of another, should an agent accidentally merge 2 tickets from different accounts. 

    4
  • Verbert Jérémy

    + 1 here

    Either we should be able to prevent the issue or to correct it, but it's not acceptable to be blocked either way...

    4
  • David Rose

    This is a major problem and has just created a GDPR breach.
    Just yesterday a colleague of mine managed to merge several requests from different companies.

    This should be dealt with as an urgent security fix, not a minor "feature request"

    4
  • Shiraz Israel

    Agreed, this just happened today by accident and two customers from different organizations were replying to the same ticket. Definitely an issue that should be able to be controlled.

    Where is a response from Zendesk? 

    3
  • Oren Gozlan

    I don't this that +1 is the issue.

    This is a critical bug that can be a life changer for Zendesk, it can't be that Zendesk have not thought about it.

    Zendesk ??!!!

    3
  • James Shiers

    Thanks @Nicole.  We've just had an incident where this resulted in customers receiving emails they should never have had.  This is a major concern for us especially as we're in the UK and have to comply with GDPR.

    I appreciate that not many people have voted for this issue but given the potential dangers and it's importance with regards to people's data I think it warrants a high priority.  Plus I would assume it's not a particularly difficult issue to solve.

    Did you get any response from the product team?

    3
  • Lucas Sutherland

    Thanks Nicole, GDPR, Mandatory data breach reporting (in some countries) and organisation reputation risks are all really important considerations for businesses servicing multiple clients with a solution such as Zendesk. The risks of a data breach could be minimised by tighter restrictions around ticket merging.  I will take your advice and contact privacy@zendesk.com and encourage others to do the same.

    3
  • Sue Bray

    Agree this request would be very useful. We just had a ticket merged incorrectly into a different organisation's ticket and this had the potential to expose data that it shouldn't have. This then has implications for privacy reporting both here in Australia and GDPR. 

    3
  • Wolf Hilbl

    Hi, i add my vote to the bucket.

    Just yesterday a college of mine managed to merge several requests from different companies.
    Depending on your customer group, this can be the end of your company, imagine merging requests from two high stakes competitors... 

    This feature request might not have many votes  but the frequency of use of your community page should not prevent you from implementing important features, that should have been standard in the first place.
    But i am willing to "bump" it into recent topics once a week, so it might get the views and votes.

    Feature request from 2012 that just now reached the "planed" stage are not very reassuring.

    For the time beieng we will have to deactivate this feature.

    Kind regards
    Wolf 

    3
  • Tom Jackson

    I'm adding to this thread in an effort to see this pushed along.  We had an issue, and not allowing people to merge by different organizations (or custom field) is huge for us.

     

    Thanks.

    3
  • Alex Gillum-Webb

    This is extremely important. It should be considered a security fix rather than a feature. Please add me to the growing list of users who need this.

    3
  • Montana Steele

    Upvoted as well - For our use case, we request three features to assist with merging across different requesters/orgs, etc: 

    1. As is echoed in this thread, it should not be possible to merge tickets across brands, or at least there should be a warning. Brand integrity is critical to our business, just as org/requester integrity is critical to privacy. 
    2. If that is too complicated to build, can we at least be able to configure whether you want the requester to see the merge by default. It automatically checks the box to allow the requester to see the merge as a public comment, creating the notification. If this simple feature was configurable to not default to sending an email, then an erroneous merge would at least not alert the customer and the agent wouldn't have to make two clicks in order to merge.
    3
  • Carlo Manselli

    Added a +1

    I would agree this is definitely an issue that the Zendesk development Team needs to resolve as we have just had a problem with merging tickets which could have caused data sharing breach.

    It needs to be addressed with immediate urgency.

     

    tks, C

    3
  • Wolf Hilbl

    Today it happened again... A Tech confidently clicked on Merge without realizing that it was cross customer.

    And now the cries to turn off the merge feature are becoming louder again. Combined with Zendesk Talk, this ist a great way to increase workload.

    Anything new on this 6 year old feature request for a function that should have been standard from year one?

    3
  • Adam Fronteras

    I cant see how difficult it could be  all we are asking to do is check that the organisation fields = the same company on each ticket before allowing a merge - that should be standard. Until such time we have had to ban it from use

    2
  • Luca Masters

    Blocking this would be an acceptable solution--my initial thought, and preferred solution is to simply have a warning dialog pop up when I try to merge across organizations. It's not going to happen a lot, but seems like an important security measure since it can be bad if it does happen.

    2
  • Christopher Hansen

    Zendesk should give us the option to warn or prevent tickets from being merged if the requester or the organization are different on the tickets being merged. Good thing Zendesk isn't handling Hawaii ballistic missile alerts.

    2
  • Sarah Mills

    And I as well will +1 this.  I just fielded an email from a customer who was very upset that his system down information was being shared with another unrelated customer - and we did not notice the automatic CC from the incorrectly merged alert until hours later, when the other customer said, "Guys?  I don't think these emails are meant for me."  This is, to my mind, not a feature enhancement but a security bug that needs to be addressed ASAP!

    2
  • Adam Fronteras

    Zendesk need to  get this sorted out, an easy way would be to display the Ticket organisation of the two tickets you are about to merge, surely that would not be to hard do

     

    2
  • Kaleb Himes

    Had an issue where agent is confident they "Clicked" on the right ticket number to merge but merge occurred with a different ticket and un-related organization. If zendesk had a feature to prevent merging two tickets that were not from the same organization that could be turned on that would be fantastic and would have prevented the case mentioned above regardless if it was a bug or human error!

     

    Added a +1 to the original post.

    2
  • Panteleimon Zaikis

    This is a high priority incident that needs to be addressed immediately. Sharing client data with other organisations because of an accidental merge is a massive breach of privacy and security policies and in violation of GDPR guidelines.

    I can not think of a single good reason why tickets from different organizations should be allowed for merge and should not be possible, and the "Suggested Tickets" in the Merge dialog should not even display ticket ID's for different organisations.

    2
  • Lucas Sutherland

    @Oren - Did you get any further response? I agree, not sure how security is a feature request and not a high priority. For organisations that support multiple customers this is one real product weakness within Zendesk.

     

    @Zendesk community managers - is any work being done on this or at least workarounds?

    1

Por favor, entrar para comentar.

Powered by Zendesk