Skip to main content
  1. Hootsuite Help Center
  2. Manage customer care with Inbox 2.0
  3. Admins: Manage privacy and security

  Article updated: March 19, 2023

Handle personally identifiable information in Inbox 2.0

Audience: Inbox 2.0 admins

Personally identifiable information (PII) refers to details that could be used to identify or infer the identity of an individual, such as credit card information and Social Security numbers. Sometimes people send sensitive information without realizing the risk.

You can help protect their information by enabling manual message masking and automatic message masking:

  • Go to Inbox 2.0, select Admin settings, expand Privacy and security, and then select PII handling.

To enable all forms of masking, select all of the following:

  • Allow manual message masking
  • Credit card number
  • Social Security number

Manual message masking

Manual message masking conceals the full text of inbound messages that contain sensitive information, both in conversation history and in back-end storage systems. It works on all channels, both public and private.

Admins can mask messages in the agent workspace by selecting the Mask option next to the message when replying.

The Mask icon appearing under a mouse pointer.

Important: Manual message masking cannot be undone.

All message content is replaced with asterisks (*), one for each character in the message. A message audit trail is added that says, “Message content masked by [Admin Name] - [timestamp]."

Automatic message masking

Automatic message masking conceals sensitive information in messages as soon as it enters the system. Each mask is defined as a pattern that automatically replaces matching text, both in conversation history and in back-end storage systems, before it gets routed to agents. It works on all channels, both public and private.

In messages:

  • The first 12 digits of credit card numbers are replaced with Xs, like so: XXXXXXXXXXXX1234.
  • The first 5 digits of US Social Security numbers are replaced with Xs, like so: XXXXX1234.

Dashes and single spaces within numbers do not affect detection or masking.

All messages are automatically checked using the following system:

  • Credit card numbers - The Luhn algorithm determines whether a number is a credit card number or another series of numbers.
  • Social Security numbers - Messages are scanned for numbers in a specific format: 3 digits, an optional space or dash, 2 digits, an optional space or dash, and 4 digits.

 

Can't find what you're looking for? We're here to help