Enforce PII redaction in list view exports across all interfaces

saikbandaru
Tera Contributor

Hi Community,

We’re looking for guidance on a platform pattern for enforcing PII redaction in list view exports across all interfaces in ServiceNow.

Requirement summary

  • Export from list views must exclude or nullify PII fields using a centralized mechanism.
  • Coverage should include CSV, Excel, and API-triggered exports.
  • Redaction must still apply when users personalize list views and add PII fields.
  • Data Integrity: Exported files must maintain structure with null values replacing PII fields.
1 REPLY 1

drbob
Tera Contributor

I just read about the "data type" ACLs which ServiceNow indicated could be used for PII. I'm not sure how useful they would be as they apply across all tables and, while I can see that a *.[email] ACL for read preventing visibility of any emails might be useful, it might also inhibit visibility of emails that someone needs to see. ...and I imagine a lot of PII is in String field types - I can't see *.[string] being useful.

Think it only came out in Zurich - would be interested if ServiceNow can provide examples of how to use it or if anyone reading this has given it a go.


I suspect you'll have more joy with "Data Classification" (been around longer so people may have nice examples, unfortunately I haven't used it). This definitely is intended for use with PII... https://www.servicenow.com/docs/r/platform-security/data-classification/data-classification.html

 

Whatever you find bear in mind the circumventions - you mentioned API-triggered reports but even just scheduled reports could expose this data if run as a user that has access. Watch for other situations where a user with access runs data export for a user that doesn't have.