Protecting Personally Identifiable Information (PII) in RPI
Overview
RPI allows you to protect your customer’s sensitive data by marking specific attributes as Personally Identifiable Information (PII). Marking an attribute as PII lets you use the attribute when making rules or exporting data, but prevents internal users from viewing the specific data when using the attribute.
The video below reviews how to mark an attribute as PII and shows how RPI protects PII.
Marking an attribute as PII
To mark an attribute as PII:
Select Management > Configuration from the quick access menu.
From the left side menu, under Database, choose Catalog.
Find the database table where the attribute is, and select the expansion arrow next to the table name.
Select the attribute from the list.
Under catalog details, check the “Is PII Column” checkbox.
This attribute is now PII, and the data won’t be visible to internal RPI users.
How RPI protects PII
After you mark an attribute as PII, it’s still a fully functional attribute that any RPI user can use. For example, you can still use the attribute in selection rules. However, the values (now PII) in list comparison will be hidden. Users can still manually add values for list comparison using the plus sign button.
The Rule Designer with the values hidden for List Comparison criterion type.
Additionally, if your export template has a column with an attribute marked PII, you won’t be able to view the data in the data viewer.
If you have the ability to import and export as a user setting, this means users can still export and view the PII data outside of RPI. If you want to ensure that RPI users cannot export and view PII data, make sure to turn off the import/export user setting.