Sensitive Data Handler
Summarize
Summary of Sensitive Data Handler
The Sensitive Data Handler in ServiceNow helps protect sensitive information during Agent Chat and Virtual Agent conversations by detecting and masking sensitive data entered by agents or requesters. This ensures that confidential information such as social security numbers, credit card numbers, or company emails are not visible to unauthorized parties. It supports multiple communication channels including chat widgets, mobile apps (iOS/Android), and adapters like SMS, Slack, Teams, and Workplace.
Show less
Key Features
- Detection and Masking: Automatically identifies sensitive data in messages and masks it to protect privacy.
- Configurable Scope: Allows configuration to handle sensitive data in inbound messages (from requesters), outbound messages (from agents), or both.
- Notifications: Sends system messages to both requesters and agents when sensitive data is detected and masked.
- Message Blocking for Agents: Prevents agents from sending sensitive data to requesters by displaying an error and tagging the message internally.
- User Authentication Support: Can collect sensitive data during conversations for identity verification and pass this information securely.
- Regular Expression Management: Enables adding, editing, or deleting regular expressions to detect various types of sensitive data.
- Plugin Availability: Available as a standalone plugin ([com.glide.sensitivedatahandling]) that does not require Virtual Agent or Agent Chat plugins.
Pre-defined Regular Expressions
The system includes built-in regular expressions to detect common sensitive data types such as:
- Credit card numbers (Visa, American Express, MasterCard, Diners Club, Discover) with specific patterns based on card issuer rules.
- Social security numbers following strict format rules to avoid false positives.
- Email addresses with comprehensive pattern matching to cover valid email formats.
These regular expressions use defined masking patterns to obscure detected sensitive data in conversations. Customers can extend detection by configuring additional expressions. To maintain system performance, any regular expression processing that exceeds one second times out to prevent system hangs.
During an Agent Chat or Virtual Agent conversation, the agent or requester may accidentally enter sensitive data. The Sensitive Data Handler detects and masks the sensitive data so it is not viewed by the agent or requester. The Sensitive Data Handler can also collect sensitive data as part of a business process, such as user authentication.
- A requester enters sensitive data, such as a social security number, during a conversation with a live agent or virtual agent.
- An agent enters company information, such as a manager's confidential email address, that the requester should not have access to.
- A requester enters sensitive data in a pre-chat or post-chat survey.
The Sensitive Data Handler detects and masks sensitive data when the requester is conversing through the chat widget, mobile (iOS/Android), or any of the supported adapter channels (SMS/Slack/Teams/Workplace).
- Regular expressions for each type of sensitive data (for example, social security number or credit card number).
- Whether sensitive data handling works only for inbound (from a requester) messages, outbound (from a live agent) messages, or both.
- Messages that displays to the requester or agent informing them that sensitive data has been masked.
If the requester sends a message containing sensitive data to an agent, a system message is sent to the requester and agent notifying both that the message contained sensitive data. The sensitive data is masked on the transcript and marked as sensitive on the internal transcript.
If an agent tries to send a message containing sensitive data to a requester, the message is not sent to the requester. Instead, an error is displayed to the agent and the message is tagged as sensitive in the internal transcript.
The Sensitive Data Handler can be configured to pass user authentication information to another entity. The requester might provide sensitive data during a conversation to prove their identity (for example, social security number, date or birth, email address).
The Sensitive Data Handler plugin [com.glide.sensitive_data_handling] can be installed by itself, without a Glide Virtual Agent or Agent Chat plugin. Regular expressions can be added, edited, and deleted from the Sensitive Data Handling module.
Regular Expressions
The base system of the Sensitive Data Handler comes with pre-defined regular expressions for credit/debit card numbers, social security numbers, and email addresses. When the Sensitive Data Handler detects a regular expression, it uses the defined masking pattern to mask sensitive data. To define your own regular expressions and patterns to mask other sensitive data, see Configuring Sensitive Data Handler. If a regular expression is not properly configured, the system may get stuck while attempting to match the regular expression with the message. To prevent the system from getting stuck, the system times out after one second.
| Name | Regular expression | Details |
|---|---|---|
| Credit Card - Visa | \b4[0-9]{12}(?:[0-9]{3})?\b |
|
| Credit Card - American Express | \b3[47][0-9]{13}\b |
|
| Credit Card - Mastercard | \b(?:5[1-5][0-9]{2}|222[1-9]|22[3-9][0-9]|2[3-6][0-9]{2}|27[01][0-9]|2720)[0-9]{12}\b |
|
| Credit Card - Diners Club | \b3(?:0[0-5]|[68][0-9])[0-9]{11}\b |
|
| Credit Card - Discover | \b6(?:011|5[0-9]{2})[0-9]{12}\b |
|
| Social security number | \b(?!666|000|9\d{2})\d{3}-(?!00)\d{2}-(?!0{4})\d{4}\b |
|
| \b[\w!#$%&'*+/=?`{|}~^-]+(?:\.[\w!#$%&'*+/=?`{|}~^-]+)*@(?:[a-zA-Z0-9-]+\.)+[a-zA-Z]{2,6}\b |
|