Anonymize Advanced AI Search Analytics

Christof Brockh
Tera Contributor

Hi,

 

is there an easy way to anonymize the user column on the system table 'sys_search_event'?

Maybe through a system property?

Would it be possible to exclude the user name from being collected in the first place?

 

My customer likes the 'Advanced AI Search Management Tools', but they do not have the go to collect personal data from user like the search query string together with the user name .

 

best regards

Christof

2 REPLIES 2

Gerard Dwan
ServiceNow Employee
ServiceNow Employee

Hi @Christof Brockh  - the sys_search_event table and AI Search Analytics (via Advanced AI Search Management Tools) required different permissions and have different pieces of information. The AI Search Analytics does not provide a way to see usernames. Details here: https://docs.servicenow.com/bundle/vancouver-platform-administration/page/use/dashboards/application... 

Hello @Gerard Dwan 

Sorry to come back to this question, but in my organization our Data Privacy Officer has some concerns.

 

From Advanced AI Search Management Tools, we get:

- AI Search Analytics dashboard https://docs.servicenow.com/bundle/vancouver-platform-administration/page/use/dashboards/application...

- Platform Analytics Solution for Advanced AI Search Management Tools https://docs.servicenow.com/bundle/washingtondc-platform-administration/page/use/dashboards/applicat...

 

In AI Search Analytics, all data is anonymized and userids are hashed.

But from Platform Analytics Solution we have access in the backend to:

- Search Profile Analytics

- Search Index Analytics

 

In the Search Index Analytics, there is a tab called AI Search Query where it is possible to drill down in the "Queries by Language" and link each query to an user.

Here lies the our concern especialy how this can be GDPR complaint.

 

Our questions:
- Can you confirm this is GDPR compliant?

- Is there a way to also hash the userids here ? Or there is an alternative way to hide this without major impact? For example with would be safe to have a read ACL on table.field sys_search_event.name ? So we could limit the users that should work with the analytics to be able to match queries to users ?

 

Thank you.

Best,

Edgar Basto