Totango enterprise customers have a myriad of SuccessTeams, users, and company-wide policies that structure what information and data end-users can access and view in Totango (Customer Success Center, APIs, and Zoe).
In order to handle cases where customers want to send Totango data that is considered sensitive, such as PII, we have developed a solution to control access to sensitive information so that it is not accessed by unauthorized users. We are excited to introduce a new feature to prevent exposure of sensitive data to end users.
The Global Admin can define which user attributes and custom user attributes are sensitive. Sensitive data will not be visible to end users but the data can still be used in Totango for segmentation purposes. For example, you can create a campaign to send that includes the email addresses but the actual addresses will not be visible to the user. This feature is only available for User Attributes and Custom Attributes (under User Attributes) in Totango.
This feature is a part of a bigger security program Totango offers: Totango Shield.
How do I define Sensitive Data in Totango?
Step 1: Global Admins can define which user data is sensitive via Global Settings -> Attributes and Metrics -> User Attributes.
Step 2: Select the User Attribute you would like to define as sensitive and click on "Yes" for Sensitive Data.
What attributes can be defined as sensitive data in Totango?
This feature is only available for User Attributes and Custom Attributes (under User Attributes) in Totango as the value of this feature is to secure PII data in Totango. The only limitation of this feature is the out-of-the-box "name" attributes (see below screenshot) cannot be defined as sensitive. We recommend using a GUID when importing data into Totango for this attributes if the end-users' names of your customers are considered sensitive.
Who can see sensitive data in Totango?
Only Global Admins in Totango can view Sensitive Data. Attribute value with a shield icon next to indicates it is a sensitive data, which means users that are not Global Admins will not see this data in the UI with their credentials.