Enable automatic redaction of sensitive information

Prerequisites
  • Genesys Cloud CX 1 WEM Add-on II, Genesys Cloud CX 2 WEM Add-on I, or Genesys Cloud CX 3 license
  • Admin role

The following permissions:

  • Routing > Transcription Settings > View permission
  • Routing > Transcription Settings > Edit permission

    When you use Speech and Text Analytics and enable voice transcription or topic spotting for an interaction in Genesys Cloud, you can redact sensitive information from call recordings and voice transcripts.

    To redact sensitive information automatically:

      1. Click Admin.
      2. Under Account Settings, click Organization Settings.
      3. Click the Settings tab.
      4. Under Security & Compliance, turn the Sensitive Data Redaction for Payment Cards or Sensitive Data Redaction for Personal Information toggle switch on or off:
        • ON — Enables automatic redaction of sensitive information of the customer in recordings and voice transcriptions.
        • OFF — Disables automatic redaction of sensitive information of the customer in recordings and voice transcriptions.

      Notes:
      • On a best effort basis, the option when switched on automatically redacts Payment Card Industry (PCI) entities and personal information entities from recordings and transcripts. This capability is only available if speech or text analytics is enabled for the interaction. Users with Recording > Recording > ViewSensitiveData permission can still access the original recording, regardless of the security setting option. Administrator must explicitly grant this permission to the user.
      • Genesys recommends that you use Secure Pause or Secure Call Flows as the first line of defense. Only Secure Pause and Secure Call Flows are valid by an external Qualified Security Assessor as Level 1 PCI DSS compliant. For more information about PCI DSS compliance, see PCI DSS compliance.

      The following table lists the sensitive information that is redacted based on the option that you choose:

      Redaction option Redacted information
      Sensitive Data Redaction for Payment Cards
      • Credit card and debit card numbers [card number]
      • Card expiration date [card expiry date]
      • Card Verification Value (CVV) or Card Identification (CID) number, a three-digit or four-digit number printed on the front or back of the card [card number]
      • Person name [card number]

      Note: Person name is classified as PCI if it appears in proximity to a credit card. Otherwise, it is considered as PII.

      Sensitive Data Redaction for Personal Information
      • User information such as usernames [user info]
      • Phone number [phone]
      • Email address [email]
      • Person name [name]
      • Zip or postal code [postal code]
      • Passwords [user info]
      • Locations [location]
      • National Identification Number [national id]
      • Other PII such as license plate number and bank account number [sensitive data]

      Notes:

      • Person name is classified as PCI if it appears in proximity to a credit card. Otherwise, it is considered as PII.
      • Locations encompass countries, cities, and addresses.
      • The coverage for National Identification Number includes only the following countries:
        • Australia
        • Canada
        • UK
        • US
      • The transcript API response includes the following entities in the UI:
        • “CARD_NUMBER”: “card number”
        • “CARD_EXPIRY_DATE”: “card expiry date”
        • “SSN”: “national id”
        • “ZIPCODE”: “postal code”
        • “PII_OTHER”: “sensitive data”
        • “PHONE_NUMBER”: “phone”
        • “PERSON”: “name”
        • “GEO”: “location”
        • “USER_INFO”: “user info”
        • “EMAIL”: “email”