Sensitive Data Handler
Summarize
Summary of Sensitive Data Handler
The Sensitive Data Handler in ServiceNow detects and masks sensitive data entered during Agent Chat or Virtual Agent conversations to protect requester and agent privacy. It prevents exposure of sensitive information such as social security numbers, credit card numbers, and confidential emails by masking detected data in chat transcripts and notifications. It also supports collecting sensitive data securely during business processes like user authentication.
Show less
Important: This feature is planned for future deprecation and will be replaced by the Data Privacy application. It remains supported currently but will no longer be available for new installations.
Key Features
- Detection and Masking: Automatically identifies sensitive data in inbound messages from requesters and outbound messages from agents, masking the data on transcripts and notifying both parties.
- Configurable Regular Expressions: Comes with predefined patterns for credit cards, social security numbers, and emails. Customers can add or modify regex patterns to detect other types of sensitive data tailored to their needs.
- Message Handling: If sensitive data is detected in a requester’s message, a system message alerts both requester and agent. If an agent tries to send sensitive data, the message is blocked with an error and marked internally.
- Channel Support: Works across chat widget, mobile (iOS/Android), and supported adapters including SMS, Slack, Teams, and Workplace.
- User Authentication Support: Can securely pass sensitive authentication data collected during conversations to other entities as part of business workflows.
- Plugin Installation: The Sensitive Data Handler plugin [com.glide.sensitivedatahandling] can be installed independently without requiring Virtual Agent or Agent Chat plugins.
Configuration and Practical Use
Administrators can configure which types of messages (inbound, outbound, or both) are scanned for sensitive data and customize notification messages shown to users when masking occurs. The module allows managing regular expressions to expand or refine sensitive data detection. However, administrators should carefully configure regex patterns because overly complex or incorrect expressions may cause system delays; a built-in timeout prevents long processing times.
Predefined Sensitive Data Patterns
The system includes predefined regular expressions for common sensitive data types, enabling immediate masking without additional configuration. These include:
- Credit Cards (Visa, American Express, Mastercard, Diners Club, Discover) with patterns based on card number formats and digit counts.
- Social Security Numbers, enforcing valid numeric ranges and formatting.
- Email Addresses, detecting standard email patterns.
These patterns ensure sensitive data is identified accurately and masked consistently during conversations.
What Customers Can Expect
By enabling the Sensitive Data Handler, customers can enhance data privacy in chat interactions by automatically detecting and masking sensitive information, reducing risk of data leaks. It supports compliance efforts and protects personal and company data in real-time communications. Administrators gain flexibility to tailor detection rules and messaging to their environment. Customers should plan to transition to the Data Privacy application when the Sensitive Data Handler is deprecated to maintain ongoing protection.
During an Agent Chat or Virtual Agent conversation, the agent or requester may accidentally enter sensitive data. The Sensitive Data Handler detects and masks the sensitive data so it is not viewed by the agent or requester. The Sensitive Data Handler can also collect sensitive data as part of a business process, such as user authentication.
Install the Data Privacy application as a replacement. For more information, see Data Privacy.
- A requester enters sensitive data, such as a social security number, during a conversation with a live agent or virtual agent.
- An agent enters company information, such as a manager's confidential email address, that the requester should not have access to.
- A requester enters sensitive data in a pre-chat or post-chat survey.
The Sensitive Data Handler detects and masks sensitive data when the requester is conversing through the chat widget, mobile (iOS/Android), or any of the supported adapter channels (SMS/Slack/Teams/Workplace).
- Regular expressions for each type of sensitive data (for example, social security number or credit card number).
- Whether sensitive data handling works only for inbound (from a requester) messages, outbound (from a live agent) messages, or both.
- Messages that displays to the requester or agent informing them that sensitive data has been masked.
If the requester sends a message containing sensitive data to an agent, a system message is sent to the requester and agent notifying both that the message contained sensitive data. The sensitive data is masked on the transcript and marked as sensitive on the internal transcript.
If an agent tries to send a message containing sensitive data to a requester, the message is not sent to the requester. Instead, an error is displayed to the agent and the message is tagged as sensitive in the internal transcript.
The Sensitive Data Handler can be configured to pass user authentication information to another entity. The requester might provide sensitive data during a conversation to prove their identity (for example, social security number, date or birth, email address).
The Sensitive Data Handler plugin [com.glide.sensitive_data_handling] can be installed by itself, without a Glide Virtual Agent or Agent Chat plugin. Regular expressions can be added, edited, and deleted from the Sensitive Data Handling module.
Regular Expressions
The base system of the Sensitive Data Handler comes with pre-defined regular expressions for credit/debit card numbers, social security numbers, and email addresses. When the Sensitive Data Handler detects a regular expression, it uses the defined masking pattern to mask sensitive data. To define your own regular expressions and patterns to mask other sensitive data, see Configuring Sensitive Data Handler. If a regular expression is not properly configured, the system may get stuck while attempting to match the regular expression with the message. To prevent the system from getting stuck, the system times out after one second.
| Name | Regular expression | Details |
|---|---|---|
| Credit Card - Visa | \b4[0-9]{12}(?:[0-9]{3})?\b |
|
| Credit Card - American Express | \b3[47][0-9]{13}\b |
|
| Credit Card - Mastercard | \b(?:5[1-5][0-9]{2}|222[1-9]|22[3-9][0-9]|2[3-6][0-9]{2}|27[01][0-9]|2720)[0-9]{12}\b |
|
| Credit Card - Diners Club | \b3(?:0[0-5]|[68][0-9])[0-9]{11}\b |
|
| Credit Card - Discover | \b6(?:011|5[0-9]{2})[0-9]{12}\b |
|
| Social security number | \b(?!666|000|9\d{2})\d{3}-(?!00)\d{2}-(?!0{4})\d{4}\b |
|
| \b[\w!#$%&'*+/=?`{|}~^-]+(?:\.[\w!#$%&'*+/=?`{|}~^-]+)*@(?:[a-zA-Z0-9-]+\.)+[a-zA-Z]{2,6}\b |
|