Administrators can access attributes within the Application Dictionary, user profiles and System Lists that can work together to ensure that unauthorized users cannot access Personal Identifiable Information (PII) data. These features can provide additional data security for consumers, which some regions require by law.
Administrators can use these attributes to mark consumer data as PII, create PII regions, and set PII regions in user profiles. These attributes can restrict access to PII when correctly enabled, with a number of settings in place by default.
Users who are not PII-authorized will have the following menu access disabled:
- the Users submenu in Customer Maintenance
- the Users submenu in Website Maintenance
- the UserProfile drop-down list on the Salesperson Maintenance screen
- the EmailLists menu item on the main menu
Only PII-authorized users have access to the Report function with Job Definitions, and only PII-authorized users within the correct PII region can export PII data. Administrators can audit user region assignment changes to ensure only authorized users have access to PII data.
If at least one PII region has been established and a user has not indicated a region on their profile, they will not see PII data. If no PII regions are established, users will have their normal access to data.
Use default PII fields
The following Application Dictionary fields default to Yes PII, and administrators can reset these values if needed when in Master Edit Mode:
- AspNetUsers: Email, PhoneNumber, UserName
- Audit: UserName
- Customer: CompanyName, Attention, FirstName, MiddleName, LastName, Phone, Fax, Address1, Address2, Address3, Address4, Email
- CustomerOrder: BT/ST+ CompanyName, CompanyName, FirstName, LastName, Phone, Address1, Address2, Address3, Address4, MiddleName, Email
- EmailMessageAddress: EmailAddress
- EmailSubscriber: Email
- InvoiceHistory: BT/ST+ CompanyName, Address1, Address2, Address3, Address4
- OrderHistory: BT/ST+ CompanyName, Address1, Address2, Address3, Address4
- UserPaymentProfile: Address1, Address2, Address3, Address4, CardholderName
- UserProfile: FirstName, LastName, UserName, Phone, Email, Fax, Extension
Any field not listed here defaults to No.
Mark properties as PII in the Application Dictionary
Administrators can add additional PII flags in the Application Dictionary.
- Click the Debug Tools icon and select Enable Master Edit Mode.
- Go to Administration > System > Application Dictionary.
- Click the Edit button next to an entity.
- Select the Properties tab.
- Click Edit next to a property. The Is PII toggle appears on the Details tab.
Add values to the PII Region field
Administrators can establish region(s) to restrict access to PII data through System Lists.
- Go to Administration > System > System Lists.
- Select Edit next to the PII Region System List.
- Select the Values tab.
- Click add System List Values to add a PII region.
PII data is masked for users outside of established regions.
Set the PII region for Countries
Administrators can set the PII region for countries in the Admin Console.
- Click the Debug Tools icon and select Enable Master Edit Mode.
- Go to Administration > Localization > Countries. Click add Country.
- The PII Region field is visible on the Details tab.
Set the PII region on Console User profiles
Administrators can set the PII region for console users in the User Profile PII Region field.
- Click the Debug Tools icon and select Enable Master Edit Mode.
- Go to Administration > Users > Console Users. The PII Region field is visible in the User Information section.
- Select the applicable PII Region from the drop-down list. The values in the list come from the PII Region Countries System List.
Summary
Complete the following four steps to hide PII data for unauthorized users outside of the defined PII region:
- Mark properties in the Application Dictionary as PII
- Create PII regions in the System List
- Link PII regions to Console User Countries
- Set the PII region on the User Profile of each Console User
Please sign in to leave a comment.