Sensitive Data Handler
Summary of Sensitive Data Handler
The Sensitive Data Handler in ServiceNow detects and masks sensitive information entered during Agent Chat or Virtual Agent conversations to prevent exposure to agents and requesters. It also supports collecting sensitive data securely for business processes like user authentication. This feature applies across multiple communication channels, including chat widgets, mobile apps, and adapter channels such as SMS, Slack, Teams, and Workplace.
Note that the Sensitive Data Handler feature is slated for future deprecation and will be replaced by the Data Privacy application. It remains supported currently but will be hidden and unavailable for new installations.
Key Features
- Masking sensitive data in conversations: Automatically masks data such as social security numbers, credit card numbers, and confidential emails when detected in messages from agents or requesters.
- Configurable regular expressions: Comes with pre-defined patterns for common sensitive data types. Customers can add, edit, or delete regular expressions to identify and mask additional sensitive data relevant to their environment.
- Message handling rules: Controls whether masking applies to inbound messages (from requesters), outbound messages (from agents), or both. Messages containing sensitive data sent by requesters trigger system notifications to both parties. Messages with sensitive data from agents are blocked from being sent to requesters.
- Sensitive data tagging and transcript handling: Masked sensitive data is shown on conversation transcripts, and internal transcripts are marked accordingly to highlight sensitive content.
- User authentication support: Can securely handle sensitive data provided by requesters to verify their identity during conversations.
- Standalone plugin: The Sensitive Data Handler plugin can be installed independently without requiring Virtual Agent or Agent Chat plugins.
Pre-Defined Regular Expressions
The system includes out-of-the-box regular expressions to detect common sensitive data, including:
- Credit card numbers from Visa, American Express, Mastercard, Diners Club, and Discover, each with specific digit patterns.
- Social security numbers with validation rules for valid digit ranges and formatting.
- Email addresses following standard email syntax rules.
These regular expressions enable automatic detection and masking of sensitive data using defined masking patterns. Customers can customize these patterns to fit their specific needs.
Important: Improperly configured regular expressions can cause processing delays; the system times out after one second to prevent hanging.
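One way to vet a custom regular expression against the one-second limit before adding it, as an added example that is not ServiceNow code. It runs in Node.js, whose regex engine stands in for the platform's; the two account-number patterns and the probe string are hypothetical, and only the Visa pattern comes from this page.

```javascript
const vm = require('node:vm');

// Test `source` against `sample` in a fresh V8 context with a wall-clock budget.
// budgetMs defaults to 1000 to mirror the one-second time-out described above.
function vetPattern(source, sample, budgetMs = 1000) {
  const start = process.hrtime.bigint();
  try {
    const matched = vm.runInNewContext(
      'new RegExp(source).test(sample)', { source, sample }, { timeout: budgetMs });
    const ms = Number(process.hrtime.bigint() - start) / 1e6;
    return { verdict: 'ok', matched, ms };
  } catch (err) {
    // Node raises this code when the vm watchdog terminates the script.
    if (err && err.code === 'ERR_SCRIPT_EXECUTION_TIMEOUT') return { verdict: 'timeout', budgetMs };
    // A malformed pattern fails at construction time inside the context.
    if (err && err.name === 'SyntaxError') return { verdict: 'invalid', message: err.message };
    throw err;
  }
}

// Constructed probe: a long digit run that can only fail at the last character.
const PROBE = '1'.repeat(40) + 'x';

// Hypothetical custom "account number" patterns (assumptions, not product patterns).
const NESTED = String.raw`^(\d+)+$`;  // nested quantifier: exponential backtracking
const FLAT = String.raw`^\d{8,40}$`;  // same intent with a single bounded quantifier
// Pre-defined Visa pattern from this page, for comparison.
const VISA = String.raw`\b4[0-9]{12}(?:[0-9]{3})?\b`;

function demo(budgetMs = 1000) {
  return {
    nested: vetPattern(NESTED, PROBE, budgetMs).verdict,
    flat: vetPattern(FLAT, PROBE, budgetMs).verdict,
    visa: vetPattern(VISA, '4'.repeat(5000), budgetMs).verdict,
  };
}

console.log(demo());
```

A pattern that returns `timeout` here would be cut off by the one-second limit on a similar message, so rewrite it before deploying it.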
Practical Benefits for ServiceNow Customers
- Protects sensitive information from accidental exposure during live or virtual agent interactions.
- Enhances compliance with data privacy regulations by masking or blocking sensitive data in conversations.
- Improves customer trust by notifying both agents and requesters when sensitive data is masked.
- Supports secure identity verification workflows within conversational interfaces.
- Flexible configuration allows tailoring to specific organizational data protection requirements.
During an Agent Chat or Virtual Agent conversation, the agent or requester may accidentally enter sensitive data. The Sensitive Data Handler detects and masks the sensitive data so it is not viewed by the agent or requester. The Sensitive Data Handler can also collect sensitive data as part of a business process, such as user authentication.
Install the Data Privacy application as a replacement. For more information, see Data Privacy for Virtual Agent.
- A requester enters sensitive data, such as a social security number, during a conversation with a live agent or virtual agent.
- An agent enters company information, such as a manager's confidential email address, that the requester should not have access to.
- A requester enters sensitive data in a pre-chat or post-chat survey.
The Sensitive Data Handler detects and masks sensitive data when the requester is conversing through the chat widget, mobile (iOS/Android), or any of the supported adapter channels (SMS/Slack/Teams/Workplace).
- Regular expressions for each type of sensitive data (for example, social security number or credit card number).
- Whether sensitive data handling works only for inbound (from a requester) messages, outbound (from a live agent) messages, or both.
- Messages that display to the requester or agent informing them that sensitive data has been masked.
If the requester sends a message containing sensitive data to an agent, a system message is sent to the requester and agent notifying both that the message contained sensitive data. The sensitive data is masked on the transcript and marked as sensitive on the internal transcript.
If an agent tries to send a message containing sensitive data to a requester, the message is not sent to the requester. Instead, an error is displayed to the agent and the message is tagged as sensitive in the internal transcript.
The Sensitive Data Handler can be configured to pass user authentication information to another entity. The requester might provide sensitive data during a conversation to prove their identity (for example, social security number, date of birth, email address).
The Sensitive Data Handler plugin [com.glide.sensitive_data_handling] can be installed by itself, without a Glide Virtual Agent or Agent Chat plugin. Regular expressions can be added, edited, and deleted from the Sensitive Data Handling module.
Regular Expressions
The base system of the Sensitive Data Handler comes with pre-defined regular expressions for credit/debit card numbers, social security numbers, and email addresses. When the Sensitive Data Handler detects text that matches a regular expression, it uses the defined masking pattern to mask the sensitive data. To define your own regular expressions and patterns to mask other sensitive data, see Configuring Sensitive Data Handler. If a regular expression is not properly configured, the system may get stuck while attempting to match it against the message. To prevent this, the system times out after one second.
| Name | Regular expression | Details |
|---|---|---|
| Credit Card - Visa | `\b4[0-9]{12}(?:[0-9]{3})?\b` | |
| Credit Card - American Express | `\b3[47][0-9]{13}\b` | |
| Credit Card - Mastercard | `\b(?:5[1-5][0-9]{2}\|222[1-9]\|22[3-9][0-9]\|2[3-6][0-9]{2}\|27[01][0-9]\|2720)[0-9]{12}\b` | |
| Credit Card - Diners Club | `\b3(?:0[0-5]\|[68][0-9])[0-9]{11}\b` | |
| Credit Card - Discover | `\b6(?:011\|5[0-9]{2})[0-9]{12}\b` | |
| Social security number | `\b(?!666\|000\|9\d{2})\d{3}-(?!00)\d{2}-(?!0{4})\d{4}\b` | |
| Email address | ``\b[\w!#$%&'*+/=?`{\|}~^-]+(?:\.[\w!#$%&'*+/=?`{\|}~^-]+)*@(?:[a-zA-Z0-9-]+\.)+[a-zA-Z]{2,6}\b`` | |
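The pre-defined patterns above applied to sample chat messages, as an added example that is not ServiceNow code. It shows which input formats the patterns catch and which they do not, so gaps can be closed with custom expressions. The one-asterisk-per-character mask, the short labels, and the sample messages are assumptions made for the example.

```javascript
// Patterns copied from the table above as JavaScript regex literals; the global
// flag is added so every occurrence is replaced. The short labels are this example's own.
const PATTERNS = [
  ['visa', /\b4[0-9]{12}(?:[0-9]{3})?\b/g],
  ['amex', /\b3[47][0-9]{13}\b/g],
  ['mastercard', /\b(?:5[1-5][0-9]{2}|222[1-9]|22[3-9][0-9]|2[3-6][0-9]{2}|27[01][0-9]|2720)[0-9]{12}\b/g],
  ['diners', /\b3(?:0[0-5]|[68][0-9])[0-9]{11}\b/g],
  ['discover', /\b6(?:011|5[0-9]{2})[0-9]{12}\b/g],
  ['ssn', /\b(?!666|000|9\d{2})\d{3}-(?!00)\d{2}-(?!0{4})\d{4}\b/g],
  ['email', /\b[\w!#$%&'*+/=?`{|}~^-]+(?:\.[\w!#$%&'*+/=?`{|}~^-]+)*@(?:[a-zA-Z0-9-]+\.)+[a-zA-Z]{2,6}\b/g],
];

// Assumed masking pattern: one asterisk per matched character.
function maskMessage(text) {
  const hits = [];
  let masked = text;
  for (const [label, re] of PATTERNS) {
    masked = masked.replace(re, (match) => {
      hits.push(label);
      return '*'.repeat(match.length);
    });
  }
  return { masked, hits };
}

// Constructed chat messages (test numbers, not real data).
const SAMPLES = [
  'my card is 4111111111111111',         // contiguous digits: masked
  'my card is 4111 1111 1111 1111',      // grouped with spaces: not matched
  'SSN 123-45-6789',                     // dashed layout: masked
  'SSN 000-12-3456',                     // area 000 rejected by the lookahead
  'SSN 123456789',                       // no dashes: not matched
  'write to jane.doe@example.com today', // email: masked
];

function report() {
  return SAMPLES.map((input) => ({ input, ...maskMessage(input) }));
}

for (const r of report()) console.log(r.hits.join(',') || '(none)', '|', r.masked);
```

The unmatched rows show that the card patterns expect contiguous digits and the social security number pattern expects dashes, which is worth checking against the formats requesters actually type.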