Category

How to Use Data Redaction Feature in BoldDesk

Updated:

BoldDesk provides a data redaction feature designed to protect sensitive information and support compliance with privacy regulations such as HIPAA. This feature automatically detects and obscures confidential data in support tickets using customizable redaction rules.

Redaction ensures that teams can continue their operations efficiently while preventing unauthorized access to sensitive data.

Data Redaction and Scope

Data Redaction

Data redaction refers to the process of masking or removing sensitive information from digital records to prevent unauthorized access. In BoldDesk, redaction ensures secure handling of support tickets while maintaining operational efficiency.

Scope of Redaction

Redaction rules apply specifically to the following areas within a ticket, each of which may contain sensitive data that needs protection.

  • Subject
  • Responses
  • Activity logs

Types of Sensitive Information That Can Be Redacted

The system supports redaction of various types of sensitive data, including but not limited to:

  • Credit card numbers
  • Social Security Numbers (SSN)
  • Phone numbers
  • Email addresses

How to Enable Data Redaction

Follow these steps to configure redaction in BoldDesk:

  1. Navigate to: Agent Portal > Admin Module > Settings >Security & Compliance > Data Redaction
  2. Toggle switch to enable Redact Sensitive Data.

    Toggle Switch Enable.png

  3. From the pop-up window, click on enable.

    Enable Redact Sensitive Data.png

Potential Risks of Enabling Redaction:

  • Irreversible Redaction: Once data is entered and matches a redaction pattern, it will be permanently redacted. The original data cannot be recovered.
  • Impact on Troubleshooting: Redacted data may limit visibility during debugging or support investigations, making issue resolution more challenging.
  • Over-Redaction Risk: Incorrect or overly broad redaction rules can unintentionally redact non-sensitive or important data, potentially affecting system behavior or audit trails.

How to Disable Data Redaction

To disable data redaction feature, toggle switch Redact Sensitive Data then click on disable.

Potential Risks of Disabling Data Redaction:
Sensitive Information Will Be Exposed: Disabling this feature means that personally identifiable and sensitive data such as credit card numbers and email addresses will be stored and displayed in their original form.
Security and Compliance Risks: Storing unredacted sensitive data may violate internal security policies or external compliance standards (for instance, PCI-DSS, GDPR, ePHI).
Audit and Privacy Concerns: Exposing raw data increases the risk of accidental leaks and may compromise user privacy in audit logs, tickets, or support notes.

How to Add Custom Data Redaction Rules

Apart from the system rules, BoldDesk allows you to add up to 25 custom data redaction rules. Only the subject and responses within tickets, activities, and chat conversations are redacted according to these rules. Follow the steps below to add custom rules.

  1. On the data redaction page, click on Add Rule.

    Add Rule.png

  2. Configure custom redaction rules based on your organization’s privacy needs.

    • Use X to mask characters (at least one X is required).
    • You can include letters, digits, and special characters from the sample text.
    • Special characters (like @, -, .) must match the same position if the pattern length equals the sample text.
    • Only valid characters are allowed (no unsupported symbols).
    • Example: For 123-456, use XXX-XXX to keep the format and mask values.
  3. From the pop-up window fill the following required fields then click on add.

    Field Definition Example
    Rule Name A label used to identify the custom rule and the type of data it targets. Credit Card Number
    Regex Pattern A regular expression used to detect and match specific data formats in text. \b(?:\d{4}-){3}\d{4}\b
    Sample Text A sample value that follows the regex pattern, used for validation/testing. 4111-1111-1111-1111
    Mask Pattern Defines how the detected data should be hidden or anonymized using masking. XXXX-XXXX-XXXX-0000

    Required Fields.png

How to Test Data Redaction Rules

This allows you to try out data redaction rules. Follow the steps below to run a test in the provided playground.

  1. Click on Test Rules on the data redaction page.

    Test Rules.png

  2. In the Playground, type or paste sample text to preview how your active rules will redact it.

    Run Test.png

  3. Click on run test to see the redacted output. You will receive a validation of the Applied Rules

    Test Run.png

How to Manage Data Redaction Rules

You can manage data redaction rules based on whether they are system-defined or custom.

  • System rules can only be activated or deactivated.
  • Custom rules can be created, edited, activated, deactivated, or deleted.

This distinction allows you to control built-in protections while maintaining flexibility to define and manage your own custom redaction rules.

Editing Data Redaction Rule

You can only edit custom data redaction rule. Follow the steps below;

  1. Navigate to data redaction rules page.
  2. On the rule you want to edit, click on more options icon.
  3. Click on edit option.

    Edit Data Redact Rule.png

  4. Make the necessary changes and click on edit to save the changes.

Deactivating Data Redaction Rule

This action can be performed on both system and custom rules. Follow the steps below;

  1. Navigate to data redaction rules page.
  2. On the rule you want to deactivate, click on more options icon.
  3. Click on deactivate option.

    Deactivate Option.png

  4. Confirm by clicking on Yes Deactivate. The deactivated rules will be listed under the inactive tab of the data redaction rules page.

Activating Data Redaction Rule

You can activate both system and custom data redaction rules. Follow the steps below:

  1. Navigate to data redaction rules page.
  2. Click on the inactive tab.
  3. On the rule you want to activate, click on more options icon.
  4. Click on activate option.

    Activate.png

  5. Confirm by clicking on Yes Activate.

Deleting Data Redaction Rule

You can delete only custom data redaction rules. Follow the steps below:

  1. Navigate to data redaction rules page.
  2. On the rule you want to delete, click on more options icon.
  3. Click on delete option.

    Delete.png

  4. Confirm by clicking on Yes Delete. This action is permanent and cannot be reversed.

HIPAA Compliance Integration

When HIPAA compliance is enabled, redaction becomes a critical safeguard. However, organizations can also use redaction independently to enhance general data privacy and security hygiene.

You can enable redaction proactively, even if HIPAA is not currently required.

Data Storage and Retrieval Behavior

Once data is redacted:

  • The redacted version is stored in the database.
  • The original data is permanently unrecoverable.
  • Even internal users with database access cannot view the original sensitive information.

This ensures zero exposure risk for confidential data.

Best Practices for Redaction

  • Enable redaction by default for all support channels.
  • Regularly review redaction rules to align with evolving compliance needs.
  • Train support agents on the importance of data privacy.
  • Proactively enable redaction, even if HIPAA compliance is not currently required, to uphold a high standard of data privacy and security.

Frequently Asked Questions

  1. Can original data be retrieved after BoldDesk redacts it?
    No. After redaction, BoldDesk stores only the redacted text and the original data is permanently unrecoverable.

  2. Is Data Redaction only for HIPAA compliance?
    No. Data Redaction is useful for any organization handling sensitive or personally identifiable information (PII).

  3. Can administrators customize what gets redacted?
    Yes. BoldDesk supports up to 25 custom redaction rules using Regex Pattern + Mask Pattern. In addition, they can also disable the system rules on data they don’t want to be redacted.

  4. What ticket content is included in redaction scope?
    Redaction applies to Subject, Responses, and Activity logs. Custom rules redact Subject and Responses within tickets, activities, and chat conversations.

  5. Can system redaction rules be edited or deleted?
    No. System rules can only be activated or deactivated.

  6. Can custom redaction rules be edited and deleted?
    Yes. Custom rules support activate/deactivate, edit, and delete.

  7. How do I validate a redaction rule before using it in production tickets?
    Use Test Rules on the Data Redaction page to preview redacted output and confirm which rules are applied.

  8. What is the maximum number of custom redaction rules?
    BoldDesk supports up to 25 custom rules.

Related Articles

  1. How to apply for a BAA and enable HIPAA in your BoldDesk account
  2. How to Enable HIPAA
Was this article useful?
Like
Dislike
Help us improve this page
Please provide feedback or comments
Comments (0)
Access denied
Access denied
Access denied
Access denied

No articles or sections found
No articles or sections found