Redaction suggestions powered by Zendesk's Advanced Data Privacy and Protection add-on

Redaction suggestions powered by Zendesk's Advanced Data Privacy and Protection add-on

This article takes a look at the new Redaction Suggestions for PII in Zendesk. Part of the Advanced Data Privacy and Protection add-on, this feature automatically looks for, and highlights potential personal information in your support tickets.

Zendesk's Advanced Data Privacy and Protection add-on – or ADPP in short – might be one of the more unknown packages Zendesk sells. It takes the native security features in Zendesk and turns them to eleven.

  • Access Log lives along side the existing Audit Log. Where audit log shows you who made changes, access log shows you who accesses what data
  • Advanced data retention policies allow you to create multiple deletion schedules in your Zendesk instance as compared to the single one you get by default
  • Redaction suggestions automates the redaction process agents have to do manually
  • Advanced Encryption allows you to bring your own key to encrypt your Zendesk data

In this article we'll talk a look at the Redaction suggestions that automate the process of removing personal information from your tickets.

Entity Detection

Zendesk has been gradually expanding their use of AI, and especially entity detection across their platform.

Within the Ultimate Bot you can use Entities to detect if a customers' message contains a valid email address, matches the format of your loyalty cards, or if a date is properly formatted.

Similar the new Entity detection (EAP) for Advanced AI parses every comment in your Zendesk instance and highlights matches entities like product types, locations, colors and the like.

These kind of entity detection processes are useful to make sure the data provided by customers is correct (preventing needless back and forth to collect the right data), or to automate the routing and processes for specific ticket types (a ticket that matches Paris in a Hotel chain ticket might route to the French Hospitaly team for example).

Zendesk Entity Detection for Intelligent Triage (EAP)
The new Entity detection for Zendesk Intelligent Triage allows you to now not only know why customers are contacting you, but also know what they are talking about.

But this kind of entity detection is also useful for scenarios where privacy and security are key. A customer might email you their full credit card number — where you only really need the last four characters. Or they send you their original password while complaining they can't login.

In more legit scenario's you might require them to forward you their social security number and date of birth for identification purposes.

But either way, receiving this data, and especially keeping this data in your Zendesk instance is dangerous and unnecessary once you've used the data for its purposes. Zendesk itself might be built with security in mind, and elements like multi-factor authentication or automatic deletion of older tickets e.a. are all good ways to further reduce risk.

Even so, the best way to secure this kind of Personal identifiable information (PII) is just asking for it, and in case you do receive it, to redact is as soon as possible.

Redaction in Zendesk

Within Zendesk you've always been able to redact data from tickets. An agent can select part of a ticket, and use the context menu next to the comment to redact that part of the ticket. It makes it easy to remove elements like bank account numbers, password, credit cards or other unwanted information.

The downside of this manual approach is that agents need to actively look for this kind of PII, which means most of that data will not be redacted.

Redaction Suggestions

Redaction suggestions take the redaction feature in Zendesk, and combine it with the concept of Entity detection.

When enabled, the system will automatically parse comments for about a dozen different identifiers, and will highlight those in comments.

An overview of the available identifiers that can be detected

Once detected these elements will be highlighted in comments. If an agent uses the context menu, they can now choose to automatically redact all PII detected, or if needed, go into the comment and select only those items that he wants to redact

As mentioned, agents can still jump into a comment and manually redact only some elements, but the same highlighted items are still available for them, making it easy to select what they need.

Redact, but don't highlight

Similar to the Entity Detection for Advanced AI, Zendesk highlights the detected elements in conversations. This might quickly lead to the interface starting to look like coloring book your kids got too. Blue highlighted text for entities, orange for redactable PII,..

Reading such conversations is tiring, so luckily Zendesk allows you to detect, but not highlight PII in conversations. They'll still show up in the redaction screen, but the regular conversation stays clean and easy to ready.

💡
You'd almost hope for a marker button next to the summary, filter and events options at the top of a conversion to toggle this entity and PII highlighting on and off.

Conclusion

So, that's Redaction Suggestions. An automated way to highlight PII in tickets with an easy way to redact those elements for agents with the click of a button.

Are there things missing? Sure. I'd love to be able to add my own items to this list. Belgian identity cards have their own unique format and can't be detected yet for example.

Similarly, I'd love for an integration in automation and triggers for this. A flow where "if a ticket is closed, redact any detected PII" comes to mind for example.

But as always, Zendesk's approach is a gradual and careful approach. In this phase we can detect and bulk redact with the agent in control. I can only assume they have some metrics running that checks how correct their detections are, and it's only a matter of time before that check meets a threshold where they consider it safe to offer auto-redaction.