Exploring Data Privacy

  • Release version: Zurich
  • Updated July 31, 2025
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Exploring Data Privacy

    Data Privacy in ServiceNow enables customers to classify and manage sensitive data by removing personally identifiable information (PII) from user data in production instances and anonymizing data in non-production instances. This capability helps protect regulated private information while allowing developers to safely work with realistic data in development or test environments without exposing sensitive details.


    Key Features

    • Data Classification: Allows identification and grouping of sensitive data using pre-defined or custom data classes based on the sensitivity level. This classification guides how data should be handled and anonymized.
    • User Data Anonymization: Administrators can anonymize data for all users or selected subsets by replacing PII with randomized or defined values, preserving data structure to maintain usability in non-production environments.
    • Installation Requirements: The Data Privacy functionality requires installing several related applications and plugins, including Data Privacy (Classic), Data Privacy Store App, Data Discovery, and Data Discovery APIs. Installing one component often auto-installs dependent plugins.

    Important Considerations

    • Only data that has been properly classified can be anonymized.
    • PII contained in unstructured data fields (e.g., journal entries, comments, attachments) and logs is not anonymized.
    • Integration with Single Sign-On (SSO) systems may resynchronize user data, which can compromise the permanency of anonymization for sys_user records.
    • Supported field types for anonymization are limited to structured data fields; unstructured data requires careful consideration.

    Benefits for ServiceNow Customers

    This capability allows administrators to comply with privacy regulations by properly managing PII, while enabling developers to safely access realistic but anonymized data in non-production environments. It reduces security risks associated with using production data for testing and development, ensuring privacy without impacting the quality of development work.

    Use Data Privacy to classify sensitive data and to remove personally identifiable information (PII) from user data in a production instance and anonymize data in non-production instances. Once anonymized, the user data is no longer considered regulated private information.

    Developers must work with data on non-production instances to ensure that their implementations are working as expected. While importing data from your production instance is a useful way to simulate production, it presents a security risk. Administrators can use data privacy to provide developers with data that does not contain private information to work safely in a non-production environment.

    Data classification

    Identify and classify your sensitive data according to pre-defined criteria determined by the level of sensitivity of the data types in your instance. Data sensitivity levels help determine how each type of classified data should be handled. There are several pre-defined classes provided with base level data privacy. Use the classification section of Data Privacy to label and group data within your instance. Add classes, view data class structure and classify data. Group data by type, using pre-defined or user-defined data classifications.

    User data anonymization

    As an administrator, you define whether to anonymize all information for all users or for a subset of users. When anonymized, data for the selected user records is replaced with randomized values or values you define. When replacing values, the data structure can be preserved using various techniques.
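One way to replace values while keeping their structure, as an added example (not ServiceNow's implementation or code from this page): each character is swapped for a random one of the same class, and e-mail addresses get a fixed reserved domain. The function names and the sample record are assumptions made for illustration.

```javascript
// Added illustration; not ServiceNow code. Names and sample values are constructed.
// Cryptographic RNG: global Web Crypto where present, Node's module as a fallback.
const rng = globalThis.crypto ?? require("node:crypto").webcrypto;

// Uniform integer in [0, n) using rejection sampling to avoid modulo bias.
function randomBelow(n) {
  const limit = 256 - (256 % n);
  const buf = new Uint8Array(1);
  do { rng.getRandomValues(buf); } while (buf[0] >= limit);
  return buf[0] % n;
}
const pick = (alphabet) => alphabet[randomBelow(alphabet.length)];

// Digits stay digits, letters keep their case, separators are copied unchanged.
function maskPreservingShape(value) {
  return Array.from(value, (ch) => {
    if (/[0-9]/.test(ch)) return pick("0123456789");
    if (/[a-z]/.test(ch)) return pick("abcdefghijklmnopqrstuvwxyz");
    if (/[A-Z]/.test(ch)) return pick("ABCDEFGHIJKLMNOPQRSTUVWXYZ");
    return ch;
  }).join("");
}

// E-mail: random local part plus a defined, reserved domain, so mail sent from a
// test instance can never reach a real mailbox.
function maskEmail(email) {
  const at = email.lastIndexOf("@");
  const local = at < 0 ? email : email.slice(0, at);
  return maskPreservingShape(local) + "@example.invalid";
}

// Character-class pattern of a string, e.g. "Ab-12" -> "Aa-99".
function shapeOf(value) {
  return value.replace(/[0-9]/g, "9").replace(/[a-z]/g, "a").replace(/[A-Z]/g, "A");
}

function anonymizeUser(user) {
  return {
    first_name: maskPreservingShape(user.first_name),
    phone: maskPreservingShape(user.phone),
    email: maskEmail(user.email),
  };
}

// Constructed sample record using common sys_user field names.
const sample = { first_name: "Ada", phone: "+41 44 555 01 23", email: "ada.l@corp.example" };
console.log(anonymizeUser(sample));
```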

    Data Privacy

    Use Data Privacy to classify sensitive data and to remove personally identifiable information (PII) from user data in a production instance and anonymize data in non-production instances.

    Note:
    You can also use the legacy plugin Data Privacy (Classic).

    Installation details

    You must have the following applications installed on your instance:
    • Data Privacy (Classic) [com.glide.data_privacy]
    • Data Privacy [sn_dp_store_app]
    • Data Discovery [sn_data_discovery]
    • Data Discovery APIs [com.glide.data_discovery]
    Here is how the installation works:
    • Installing the Data Privacy Store App automatically installs the Data Discovery Store App, the Data Privacy (Classic) plugin, and the Data Classification plugin.
    • Installing the Data Discovery Store App automatically installs the Data Discovery APIs plugin.

    Considerations

    • Only classified data can be anonymized. For information on data classes and classification, see Data classification (Classic) or Data classification Store App.
    • PII in logs and other auditing data is not anonymized.
    • Only structured data can be anonymized. Unstructured data, such as Journal fields, comments, attachments, and other fields where partial text may represent PII, is not anonymized. See Supported field types for anonymization for more information.
    • Integrations with single sign-on (SSO) systems may resynchronize user information from their source of truth systems. There is no mechanism in place to ensure the permanency of the de-identification of sys_user data. For information on user administration and sys_user records, see User Administration.
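
A check for the unstructured-data and SSO considerations above, as an added example that is not ServiceNow code: it scans exported free-text fields for PII-looking strings that anonymization leaves in place, and compares sys_user rows against the values recorded right after anonymization to spot a re-sync. The patterns, function names and sample rows are constructed for illustration.

```javascript
// Added illustration; not ServiceNow code. Patterns and sample rows are constructed.
const PII_PATTERNS = {
  email: /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g,
  phone: /\+?\d[\d ()-]{7,}\d/g, // 9+ digits/separators, so short record numbers are skipped
};
const UNSTRUCTURED_FIELDS = ["comments", "work_notes"]; // journal-type fields on a task

// Report PII-looking strings left in free-text fields, which anonymization skips.
function findResidualPii(rows) {
  const findings = [];
  for (const row of rows) {
    for (const field of UNSTRUCTURED_FIELDS) {
      for (const [kind, re] of Object.entries(PII_PATTERNS)) {
        const hits = (row[field] || "").match(re) || [];
        if (hits.length) findings.push({ sys_id: row.sys_id, field, kind, count: hits.length });
      }
    }
  }
  return findings;
}

// Report sys_user rows whose classified fields no longer equal the values
// recorded right after anonymization, e.g. after an SSO or directory re-sync.
function findReidentifiedUsers(baseline, current, fields) {
  const before = new Map(baseline.map((u) => [u.sys_id, u]));
  return current
    .filter((u) => before.has(u.sys_id))
    .map((u) => ({ sys_id: u.sys_id, changed: fields.filter((f) => u[f] !== before.get(u.sys_id)[f]) }))
    .filter((r) => r.changed.length > 0);
}

// Constructed sample data: task rows from a clone, and sys_user before/after a sync.
const tasks = [
  { sys_id: "t1", comments: "Called Ada on +41 44 555 01 23, no answer.", work_notes: "" },
  { sys_id: "t2", comments: "Printer fixed.", work_notes: "Mail ada.l@corp.example for follow-up." },
  { sys_id: "t3", comments: "Closed as duplicate of INC0012345.", work_notes: "" },
];
const baseline = [
  { sys_id: "u1", email: "qxv.r@example.invalid", phone: "+83 19 204 77 51" },
  { sys_id: "u2", email: "mjt.k@example.invalid", phone: "+20 65 318 40 96" },
];
const afterSync = [
  { sys_id: "u1", email: "ada.l@corp.example", phone: "+83 19 204 77 51" },
  { sys_id: "u2", email: "mjt.k@example.invalid", phone: "+20 65 318 40 96" },
];
console.log(findResidualPii(tasks));
console.log(findReidentifiedUsers(baseline, afterSync, ["email", "phone"]));
```

Pattern matching only flags candidates for review; names and addresses in free text need a reviewer or a dedicated discovery tool.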