About Sensitive Data Policy
The Sensitive Data Policy tab contains ExpertReview – Compliance Assist, a powerful tool that helps you regulate the private personal information collected by your brand. Many organizations have strict rules about the kind of data they can collect, and this administrative tool can help you flag questions and data that may violate your organization’s standard for respondent data privacy.
With ExpertReview – Compliance Assist, you can:
- Determine what topics will be flagged as sensitive data, using pre-built topics or your own customizable ones.
- Alert survey builders when they are asking for sensitive information.
- Warn respondents before they try to submit sensitive information.
- Redact sensitive information so the users in your brand never see it.
Sensitive data policy settings are not retroactive. Only responses collected after these settings have been saved will be flagged or redacted accordingly.
Setting Up a Sensitive Data Policy
You can only have one sensitive data policy per brand; however, you have many customization options you can use to refine this policy. All Brand Administrators can access and edit the same sensitive data policy.
- Go to the Admin page.
- Select the Data Privacy tab.
- Go to the Sensitive Data Policy section.
- Click Add Topics.
- Choose between the following:
  - Qualtrics topics: Choose from a library of pre-made topics. Use the search or dropdowns to select topics for use. Identification numbers such as Social Security numbers are grouped by country rather than by industry. See Built-In Topics for more details.
  - New topic: Add a single custom topic. See Custom Topics for help with file formatting and Adding a Single Custom Topic for how to upload that file once ready.
  - Import topics file: Import multiple topics at a time. Check the Qualtrics topics before using this option, since the topics you plan to upload may already be available there. See Custom Topics for help with file formatting and Importing Multiple Custom Topics for how to upload that file once ready.
- Save your changes.
Qtip: You can edit or remove these topics in the future.
- Once your topics are created, don’t forget to go to Settings. There, you will determine whether to flag survey creators when they are making questions that may request sensitive data, or to flag survey takers when they try to provide sensitive information about themselves. Here you can also configure redaction.
Qtip: See Flag Survey Questions that Ask for Sensitive Information and Flag Survey Responses that Provide Sensitive Information for more details.
- Also be sure to check out Exemptions. This is where you will identify if any surveys should be exempt from the sensitive data policy.
Flag Survey Questions that Ask for Sensitive Information
You will be able to warn survey creators that the questions they’ve created violate your company’s sensitive data policy. Enable Flag survey questions that ask for sensitive information.
Once this is enabled, you can click Include a custom warning message to write what users will see on the question that violates that policy.
What survey creators see
When a survey creator requests sensitive data, the question will be marked the same way questions that violate other ExpertReview recommendations are, with an orange iQ icon.
When the user clicks on the iQ icon, they will learn what phrases they used that triggered the warning. Here, the warning that the admin created will be displayed.
Flag Survey Responses that Provide Sensitive Information
You can flag responses so that survey takers are warned when they try to provide sensitive information. You can also make it so that if they disregard this warning, the survey creator can then report on the sensitive data they’ve collected.
Select Flag survey responses that provide sensitive information to allow survey builders to report on violations. These are listed by topic, not by the exact sensitive data provided (e.g., USA Phone Number, not 555-555-5555).
Enabling Warn survey respondents when they provide sensitive information creates a message in the survey when respondents try to submit sensitive content.
If you select Redact sensitive information from survey responses, the information that violates the policy is completely deleted. The rest of the response will be fine, but the flagged and redacted information itself will be removed and irretrievable. Survey builders will still be able to report on violations, but these violations will be listed by topic, not specific violation.
Warn survey respondents they’ve provided sensitive information
This is what it looks like when a respondent tries to provide sensitive information. The appearance of the survey and questions asked will vary based on what you’ve built, but see the red warning above the question and the prompt that proceeds.
The respondent will also be asked whether they want to keep going in the survey (Continue) or change what they wrote (Modify Answers).
In this example, you can see that because redaction is turned on, the data is already redacted.
Redacting sensitive information
When information is redacted, it is replaced with a series of asterisks ( * ) so that the survey builders cannot use any sensitive information the respondent has provided.
Turning this option off in the Sensitive Data Policy will not restore the redacted data. All redacted data is deleted permanently.
Global vs. Topic Redaction
When information is redacted, it is replaced with a series of asterisks so that the survey builders cannot use any sensitive information the respondent has provided.
Sometimes, you want to redact information pertaining to some topics, but not others. For example, while you may definitely want to redact any Social Security Numbers respondents try to enter into a survey, you may want phone numbers and email addresses to be left alone, so you can follow up with respondents if needed.
Global redaction can be enabled under the Settings using the Redact sensitive information from survey responses option. This redacts all flagged data, regardless of topic.
To redact information from one topic at a time:
- Click on the name of the topic you want to edit.
- Expand the Policy Settings.
- Select Override Global Policy Settings.
- Select Redact sensitive information pertaining to this topic from survey responses.
- Click Save.
Reporting on Data Policy Violations in Responses
Responses can be flagged based on the privacy policies they violate. Survey builders can report on policies violated by using the Q_DataPolicyViolations field.
The topics tagged in a survey response may not correspond to the topics violated when building the survey. For example, consider a policy that flags USA phone numbers. A survey builder may ask for phone numbers, but if no respondent provides this information, no responses will be flagged. In contrast, if you have a general feedback question where a customer provides a phone number unprompted, this response will be flagged.
Qtip: If you want to view or report on Data Policy Violations, the field is readily available in your Data & Analysis and Reports tabs. However, to base survey logic (such as Branch Logic or Display Logic) on this field, you must first add Q_DataPolicyViolations as Embedded Data to your Survey Flow.
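The following added example (not Qualtrics code and not part of the original page) models how global and per-topic redaction decide what is stored, and how violations are reported by topic rather than by value. The regexes, the fixed-length mask, the sample response, and the Topic and apply_policy names are assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional

MASK = "*****"  # assumption: fixed-length mask, so the value's length is not leaked


@dataclass
class Topic:
    name: str
    pattern: re.Pattern                     # constructed regex, not a Qualtrics definition
    redact_override: Optional[bool] = None  # None = follow the global setting


# Constructed topics mirroring the page's scenario: always redact SSNs,
# let phone numbers and e-mail addresses follow the global setting.
TOPICS = [
    Topic("USA Social Security Number", re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), True),
    Topic("USA Phone Number", re.compile(r"\b\d{3}-\d{3}-\d{4}\b")),
    Topic("Email Address", re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")),
]


def apply_policy(text, topics, global_redact):
    """Return (text as stored, names of the topics the response violated)."""
    violations = []
    for topic in topics:
        if not topic.pattern.search(text):
            continue
        violations.append(topic.name)  # reported by topic, never by value
        redact = global_redact if topic.redact_override is None else topic.redact_override
        if redact:
            text = topic.pattern.sub(MASK, text)
    return text, violations


SAMPLE = "Call me at 555-555-5555. My SSN is 123-45-6789."  # constructed response

if __name__ == "__main__":
    for global_redact in (False, True):
        stored, flagged = apply_policy(SAMPLE, TOPICS, global_redact)
        print(f"global_redact={global_redact}: {stored!r} flagged={flagged}")
```

With global redaction off, only the Social Security Number is masked while both topics are still reported; with it on, every flagged value is masked.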
Built-In Topics
While they are not guaranteed to be defined perfectly, Built-In Topics are a great way to get started on your sensitive data policy. They provide heavily researched options with large keyword dictionaries and carefully defined regex.
Once you have finished setting up for the first time, you can select more built-in topics later by clicking Add Topics and selecting Qualtrics topics.
On this window, use the dropdowns or the search bar to find your desired topics. Identification and other registration numbers can be found under their country of origin. (E.g., UK Insurance number is under its respective country instead of an industry.)
If you want to remove every topic listed, click Remove all above the list of selected topics.
Custom Topics
Sometimes, you may want to flag topics that are unique to your organization, such as employee ID, or use topics that Qualtrics hasn’t even thought of yet. Thankfully, you can import your own custom topics.
When using a JSON file, the topics you import are always added as new topics, not merged into existing, similar ones. For example, if you manually selected Social Security as a topic and then imported a JSON file with a topic called Social Security that had additional keywords, you would have two Social Security topics in your Compliance Assist. This does not hurt the tool’s ability to check your brand for privacy violations in any way.
Export a JSON file of your topics by clicking Export at the top of the topics window. You can use this file to import your topics into another brand, or to make edits to the JSON file and add new custom topics.
Go to the Actions dropdown to the far-right of the topic and click the trash can icon to remove a topic. This can be done for both custom and pre-built ones.
Surveys Exempt from Sensitive Data Policies
There may be times when you need to mark surveys exempt from sensitive data policy violations. For example, if you have a workflow where you need to get back in touch with customers who wrote in upset, you probably need to collect some form of contact information, even if you generally forbid other surveys in the brand from doing so.
Marking Surveys Exempt
- Click Exemptions.
- Click Add survey.
- Search a survey by name. You can only select one survey at a time. Do not search by survey ID.
- Select one of the following options:
  - Survey is exempted from all current and future Sensitive Data Policy topics
  - Survey is exempt only from the selected Sensitive Data Policy topics
  Qtip: You can select multiple topics. Click the trash can to remove a topic from the list of topics the survey is exempt from.
- Click Save.
Once you’ve marked surveys exempt from the sensitive data policy, they’ll appear on the Exemptions page.
Click the blue topics text to change the topics the survey is exempt from.
Click the trash can to remove the exemption.