Prerequisites
  • Admin role

When you use Speech and Text Analytics and enable voice transcription or topic spotting for an interaction in Genesys Cloud, you can redact sensitive information from call recordings or voice transcripts.

To redact sensitive information automatically:

    1. Click Admin.
    2. Under Account Settings, click Organization Settings.
    3. Click the Settings tab.
    4. Under Security & Compliance, turn the Sensitive Data Redaction for Payment Cards or Sensitive Data Redaction for Personal Information toggle switch on or off:
      • ON — Enables automatic redaction of sensitive information of the customer in recordings and voice transcriptions.
      • OFF — Disables automatic redaction of sensitive information of the customer in recordings and voice transcriptions.

    Notes:
    • On a best effort basis, the option when switched on automatically redacts Payment Card Industry (PCI) entities and personal information entities from recordings and transcripts. This capability is only available if speech or text analytics is enabled for the interaction. Users with Recording > Recording > ViewSensitiveData permission can still access the original recording, regardless of the security setting option. Administrator must explicitly grant this permission to the user.
    • Genesys recommends that you use Secure Pause or Secure Call Flows as the first line of defense. Only Secure Pause and Secure Call Flows are valid by an external Qualified Security Assessor as Level 1 PCI DSS compliant. For more information about PCI DSS compliance, see PCI DSS compliance.

    The following table lists the sensitive information that is redacted based on the option that you choose:

    Redaction option Redacted information
    Sensitive Data Redaction for Payment Cards
    • Credit card and debit card numbers
    • Card expiration date
    • Card Verification Value (CVV) or Card Identification (CID) number, a three-digit or four-digit number printed on the front or back of the card
    • Person name

    Note: Person name is classified as PCI if it appears in proximity to a credit card. Otherwise, it is considered as PII.

    Sensitive Data Redaction for Personal Information
    • User information
    • Phone number
    • Email address
    • Person name
    • Zip or postal code
    • Passwords
    • Locations
    • National Identification Number
    • Other PII such as license plate number and bank account number

    Notes:

    • Person name is classified as PCI if it appears in proximity to a credit card. Otherwise, it is considered as PII.
    • Locations encompass countries, cities, and addresses.
    • The coverage for National Identification Number includes only the following countries:
      • Australia
      • Canada
      • UK
      • US