Disable the ability to Export to CSV

Comments

7 comments

  • Product Team

    Nick, what is the reason behind this? GDPR? Workers Council?

  • Sean Maguire

    Completely agree with Nick on this. Users should NEVER be allowed to download sensitive customer data into unprotected systems unless explicitly permissioned to do so.

    Within the UI, we can at least control who gets let in and offered a user profile, what is their account scope, what is their role and what can users assigned to that role do and see. We can control who gets invited to SuccessBlocs and who is a collaborator, who gets added to specific SuccessTeams and what are the settings on that team, etc. Within the UI, we can also control how customer info gets protected via system infrastructure and implement standards like SSO, 2FA, data file encryption, and more.

    However, the moment they go into a segment and are offered the ability to download a CSV, all of those protections vanish. One human error is all it takes to eliminate the multi-layered fortifications we've built directly into the tenant. That sensitive customer data is suddenly exposed and goes unprotected out into the wilderness. It can be shared in emails. It doesn't require passwords to unlock the file. Sure, there are GDPR, Works Council, DPP, and related considerations at play here, but this one is bigger and more foundational than that.

    Adding a setting to allow for permissioning on CSV download capability seems like such a no-brainer that it's strange to me that we even need to ask for it, and even stranger that the product team would ask what is the reason.

  • Nick Infante

    My feedback is very similar to Sean's. There is not one specific reason for this request; rather, every user having the ability to export all data that they have access to is an enormous security hole.

  • Vijay

    Nick and Sean, thank you for your input. I will look into this ASAP.

    Thanks

    Vijay

  • Vijay

    Sean and Nick, even if we restricted the export to only the right team members via permissions, there is no way to prevent them from sharing it outside the system with others who don't have the necessary privileges.

    Thoughts?

  • Sean Maguire

    If we could permission the CSV download link, then the individuals being granted this permission in our org would be limited to a tiny select few who have received additional training in data security, proper approvals and oversight for this expanded capability... limited to those who understand the relevant risks and methods of protecting sensitive data (not just any random one of our thousands upon thousands of CSMs or CEEs or sales people, for example).

    An additional benefit of an authorization like this is how it would make following up on any potential breaches or leaks in the future far simpler (since the list of possible sources will have shrunk tremendously from thousands to mere tens).

    You are, of course, correct though. Once the file is outside of Totango then it's outside of our control. That's precisely why we would like to limit who has the ability to pull CSV files from the system in the first place.

    Sure, if someone is motivated and wants the data badly enough then they'll find a way (like taking screenshots, for example), but that's an edge case where nefarious intent is fairly obvious. With this, we're trying to protect those other 99.9% who simply might not know any better, and by doing so we're trying to better protect ourselves and (more importantly) our customers.

    Appreciate your interest and willingness to better understand.

  • Nick Infante

    Again, I completely agree with Sean's comments. Happy to discuss further if you would like.
