How to Use Data Redaction Feature in BoldDesk
BoldDesk provides a data redaction feature designed to protect sensitive information and support compliance with privacy regulations such as HIPAA. This feature automatically detects and obscures confidential data in support tickets using customizable redaction rules.
Redaction ensures that teams can continue their operations efficiently while preventing unauthorized access to sensitive data.
Data Redaction and Scope
Data Redaction
Data redaction refers to the process of masking or removing sensitive information from digital records to prevent unauthorized access. In BoldDesk, redaction ensures secure handling of support tickets while maintaining operational efficiency.
Scope of Redaction
Redaction rules apply specifically to the following areas within a ticket, each of which may contain sensitive data that needs protection.
- Subject
- Responses
- Activity logs
Types of Sensitive Information That Can Be Redacted
The system supports redaction of various types of sensitive data, including but not limited to:
- Credit card numbers
- Social Security Numbers (SSN)
- Phone numbers
- Email addresses
How to Enable Data Redaction
Follow these steps to configure redaction in BoldDesk:
- Navigate to: Agent Portal > Admin Module > Settings >Security & Compliance > Data Redaction
- Toggle switch to enable Redact Sensitive Data.
- From the pop-up window, click on enable.
Potential Risks of Enabling Redaction:
- Irreversible Redaction: Once data is entered and matches a redaction pattern, it will be permanently redacted. The original data cannot be recovered.
- Impact on Troubleshooting: Redacted data may limit visibility during debugging or support investigations, making issue resolution more challenging.
- Over-Redaction Risk: Incorrect or overly broad redaction rules can unintentionally redact non-sensitive or important data, potentially affecting system behavior or audit trails.
How to Disable Data Redaction
To disable data redaction feature, toggle switch Redact Sensitive Data then click on disable.
Potential Risks of Disabling Data Redaction:
Sensitive Information Will Be Exposed: Disabling this feature means that personally identifiable and sensitive data such as credit card numbers and email addresses will be stored and displayed in their original form.
Security and Compliance Risks: Storing unredacted sensitive data may violate internal security policies or external compliance standards (for instance, PCI-DSS, GDPR, ePHI).
Audit and Privacy Concerns: Exposing raw data increases the risk of accidental leaks and may compromise user privacy in audit logs, tickets, or support notes.
How to Add Custom Data Redaction Rules
Apart from the system rules, BoldDesk allows you to add up to 25 custom data redaction rules. Only the subject and responses within tickets, activities, and chat conversations are redacted according to these rules. Follow the steps below to add custom rules.
-
On the data redaction page, click on Add Rule.
-
Configure custom redaction rules based on your organization’s privacy needs.
- Use X to mask characters (at least one X is required).
- You can include letters, digits, and special characters from the sample text.
- Special characters (like @, -, .) must match the same position if the pattern length equals the sample text.
- Only valid characters are allowed (no unsupported symbols).
- Example: For 123-456, use XXX-XXX to keep the format and mask values.
-
From the pop-up window fill the following required fields then click on add.
Field Definition Example Rule Name A label used to identify the custom rule and the type of data it targets. Credit Card Number Regex Pattern A regular expression used to detect and match specific data formats in text. \b(?:\d{4}-){3}\d{4}\bSample Text A sample value that follows the regex pattern, used for validation/testing. 4111-1111-1111-1111 Mask Pattern Defines how the detected data should be hidden or anonymized using masking. XXXX-XXXX-XXXX-0000
How to Test Data Redaction Rules
This allows you to try out data redaction rules. Follow the steps below to run a test in the provided playground.
-
Click on Test Rules on the data redaction page.
-
In the Playground, type or paste sample text to preview how your active rules will redact it.
-
Click on run test to see the redacted output. You will receive a validation of the Applied Rules
How to Manage Data Redaction Rules
You can manage data redaction rules based on whether they are system-defined or custom.
- System rules can only be activated or deactivated.
- Custom rules can be created, edited, activated, deactivated, or deleted.
This distinction allows you to control built-in protections while maintaining flexibility to define and manage your own custom redaction rules.
Editing Data Redaction Rule
You can only edit custom data redaction rule. Follow the steps below;
- Navigate to data redaction rules page.
- On the rule you want to edit, click on more options icon.
- Click on edit option.
- Make the necessary changes and click on edit to save the changes.
Deactivating Data Redaction Rule
This action can be performed on both system and custom rules. Follow the steps below;
- Navigate to data redaction rules page.
- On the rule you want to deactivate, click on more options icon.
- Click on deactivate option.
- Confirm by clicking on Yes Deactivate. The deactivated rules will be listed under the inactive tab of the data redaction rules page.
Activating Data Redaction Rule
You can activate both system and custom data redaction rules. Follow the steps below:
- Navigate to data redaction rules page.
- Click on the inactive tab.
- On the rule you want to activate, click on more options icon.
- Click on activate option.
- Confirm by clicking on Yes Activate.
Deleting Data Redaction Rule
You can delete only custom data redaction rules. Follow the steps below:
- Navigate to data redaction rules page.
- On the rule you want to delete, click on more options icon.
- Click on delete option.
- Confirm by clicking on Yes Delete. This action is permanent and cannot be reversed.
HIPAA Compliance Integration
When HIPAA compliance is enabled, redaction becomes a critical safeguard. However, organizations can also use redaction independently to enhance general data privacy and security hygiene.
You can enable redaction proactively, even if HIPAA is not currently required.
Data Storage and Retrieval Behavior
Once data is redacted:
- The redacted version is stored in the database.
- The original data is permanently unrecoverable.
- Even internal users with database access cannot view the original sensitive information.
This ensures zero exposure risk for confidential data.
Best Practices for Redaction
- Enable redaction by default for all support channels.
- Regularly review redaction rules to align with evolving compliance needs.
- Train support agents on the importance of data privacy.
- Proactively enable redaction, even if HIPAA compliance is not currently required, to uphold a high standard of data privacy and security.
Frequently Asked Questions
-
Can original data be retrieved after BoldDesk redacts it?
No. After redaction, BoldDesk stores only the redacted text and the original data is permanently unrecoverable. -
Is Data Redaction only for HIPAA compliance?
No. Data Redaction is useful for any organization handling sensitive or personally identifiable information (PII). -
Can administrators customize what gets redacted?
Yes. BoldDesk supports up to 25 custom redaction rules using Regex Pattern + Mask Pattern. In addition, they can also disable the system rules on data they don’t want to be redacted. -
What ticket content is included in redaction scope?
Redaction applies to Subject, Responses, and Activity logs. Custom rules redact Subject and Responses within tickets, activities, and chat conversations. -
Can system redaction rules be edited or deleted?
No. System rules can only be activated or deactivated. -
Can custom redaction rules be edited and deleted?
Yes. Custom rules support activate/deactivate, edit, and delete. -
How do I validate a redaction rule before using it in production tickets?
Use Test Rules on the Data Redaction page to preview redacted output and confirm which rules are applied. -
What is the maximum number of custom redaction rules?
BoldDesk supports up to 25 custom rules.