Identify PHI/PII/HSPII data from HR work notes/additional comments & redact/anonymize sensitive data

ASHU_1
Tera Contributor

Our requirement is to Identify PHI/PII/HSPII data from HR work notes & additional comments & redact/anonymize sensitive data:

 

1. I read about Data Privacy - Data discovery, classification, and anonymization - But seems like this does not work with work notes & additional comments in the HR case form, as it is Journal fields and they are excluded from this functionality.

 

2. I tried to understand about Edge Security as well, but again not sure, if it will work for my use case and how?

 

3. Or can we create a BR (when=before, insert, update) on the HR Case Journal Entry [sys_journal_field] table

 

4. Can we use AI for field validation or Is there any API or any other third party App on the App Store for our use case?

 

Please provide the best solution for our requirement. Thanks!

 

@furkat @Furkat_Selim @Barkha Bathija @Ieshia Lilly @Susan Britt @Jeff Boltz1 @mikeadler @nicholasmayo 

2 REPLIES 2

Barkha Bathija
ServiceNow Employee
ServiceNow Employee

Thank you @ASHU_1 for the question. 

 

1 & 3: Data Discovery and Anonymization as of Washington doesn't support journal fields. It will be supported later in the year. 

 

2: I will check with the Edge encryption PM and update this thread. 

 

4: Not sure about a third party app to support journal field. But if you are interested I can potentially demo you the journal field support later in April or early May that is coming up in release later in the year. 

 

 

 Thanks for your quick response.

 

1, 2 & 3 Yeah, I hope Data Discovery and Anonymization starts supporting Journal fields soon, but it should not consider the entire field like it does now - instead, from the work notes it should pick up patterns. (I read Edge encryption supports Journal fields and with Tokenization it can identify patterns within the work notes - Please check my understanding with the PM as you said). I believe BR can also work, but then it should be very specific to patterns and not the entire work notes. I also feel its very complex and not a 100% deal when you are trying to have this kind of use case in an open free text section (e.g. people can mention SSNs with  or without - or anything else)

 

4.

*Not sure what demo are you talking about later this month or next?

 

I read about Stave Data Tools on the App Store - It seems like their app might solve our use case, but I am not 100% sure. (They have mentioned this below point as one of the key features)

  • Prevent Unwanted Data from Entering the System. Stop unwanted data from entering your system by identifying and preventing sensitive and PII data from being entered.

 

If this is true, and it supports journal fields (work notes) then I believe this would be the best bet as it would work live (In the moment) It would either stop or redact or encrypt any PII data the agents would be typing in.

 

Looking forward to what you find out and others to share their knowledge on this requirement.