Privacy Shield: Mask Personal Data

Learn how to protect sensitive information using Privacy Shield.

In this article

How does Privacy Shield work?

How is data masked?

Specify sensitive data

Apply Privacy Shield for data sharing

Browse Privacy Shield results

Privacy Shield is a School Passport data security tool that operates between an application and an SIS to prevent access to sensitive information. Privacy Shield detects sensitive data before it is sent to the application and applies masks to this data or removes it from data sharing.
 
How does Privacy Shield work?
You can use Privacy Shield to mask sensitive data stored in the SIS or to prevent the application's access to it. You specify the sensitive data for Privacy Shield, that is, the attributes that should not be shared. School Passport monitors data sharing with the application, detects sensitive data, and applies Privacy Shield as follows:
  • If the application supports Privacy Shield for these data, sensitive data will be masked. 
  • If data is required by an application, sensitive data will still be shared.
  • Otherwise, sensitive data will NOT be shared with an application.

How is data masked?

Privacy Shield can mask the following attributes for students, teachers, contacts, or admins:

| Attribute | Description | Example |
|---|---|---|
| First Name | Exposes the first letter only, replacing the rest of the string with asterisks (***). Note: For the SP Engagement application after all syncs except the first one, replaces it with the last name. Example: for Richard Sullivan, returns Sullivan. | For Richard, returns R***. |
| Last Name | Exposes the first letter only, replacing the rest of the string with asterisks (***). | For Susan Rivera, returns R***. |
| Email | Replaces an email username with a set of random letters, and adds your district GUID to the domain. Upon activation of the application by a district (before the first data import), returns an empty string. | For jane@custom-domain.com, returns jQHDyQuj7vJcveEe59@dd45076e-8eb4-42e1-b631-7f177943de46custom-domain.com |
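The following is an added example, not School Passport code: a small Python check that flags values in an exported record that do not match the masking formats described above. The record layout, the field names, and the assumption that the district GUID sits at the start of the masked email domain (as in the single example on this page) are illustrative; the SP Engagement first-name exception is not modelled.

```python
import re

# Constructed sample value: the district GUID from the example on this page.
DISTRICT_GUID = "dd45076e-8eb4-42e1-b631-7f177943de46"

# Masked names: first character exposed, the rest replaced by asterisks.
MASKED_NAME = re.compile(r"^[^\s*]\*+$")


def name_is_masked(value):
    return bool(MASKED_NAME.match(value))


def email_is_masked(value, district_guid):
    # An empty string is expected before the first data import.
    if value == "":
        return True
    local, sep, domain = value.partition("@")
    if not sep or not local:
        return False
    # Assumption: the GUID is placed in front of the original domain.
    return domain.lower().startswith(district_guid.lower())


def audit_record(record, district_guid,
                 sensitive=("first_name", "last_name", "email")):
    """Return the sensitive fields whose values do not look masked."""
    leaks = []
    for field in sensitive:
        if field not in record:  # attribute not shared at all
            continue
        value = record[field]
        if field == "email":
            ok = email_is_masked(value, district_guid)
        else:
            ok = name_is_masked(value)
        if not ok:
            leaks.append(field)
    return leaks


# Constructed records with hypothetical field names.
RECORDS = [
    {"first_name": "R***", "last_name": "S***",
     "email": "jQHDyQuj7vJcveEe59@" + DISTRICT_GUID + "custom-domain.com"},
    {"first_name": "Richard", "last_name": "S***",
     "email": "jane@custom-domain.com"},
    {"last_name": "R***", "email": ""},
]

if __name__ == "__main__":
    for rec in RECORDS:
        print(audit_record(rec, DISTRICT_GUID) or "masked as expected")
```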

Specify sensitive data 

Identify the data that needs protection with Privacy Shield. Such data will be marked as sensitive on Data Access Consent.

  1. Navigate to Data Quality > Privacy Shield.
  2. (Optional) In the Filter dropdown, specify the data sources for which you want to set Privacy Shield. If empty, the settings will be applied to all data sources in your district.
  3. Choose an entity.
  4. Select the Privacy Shield checkbox to specify the data as sensitive.
  5. Click Save.

Apply Privacy Shield for data sharing

To apply Privacy Shield to an application, send a Data Sharing Request for changes with Privacy Shield enabled.

  1. Go to the application > Overview > Request Changes.
  2. To protect all sensitive data in bulk, turn on the Privacy Shield toggle. Data will be made unavailable for sharing or shared in masked form as described above.
  3. To protect only specific data, go to the Attributes section:
    • Select the Available checkboxes for data to be shared with the application. Data that is not selected will not be shared.
    • Select the Privacy Shield Supported checkboxes for data to be shared but masked. This option is only available for data that is Privacy Shield supported by the application.
  4. Click Request Changes and wait for its approval.
  5. Run import.

Browse Privacy Shield results

You can preview how the masked data is shared with an application before initial synchronization. To display masked data, go to Data Browsing > Rostering and choose an application. 

Select a record and observe how the Vendor sees your data. In the following screen, the contact's Last Name (1) and Email (2) have been masked, and the Username (3) is not available to be shared.

When viewing the full data set for a record, the Privacy Shield Information tile shows the applications for which this record has been masked, and how. Please note that this information is displayed only when you view the full data set for the record.

Note:
If a duplicate conflict arises for a record with sensitive data that has been masked by Privacy Shield, additional PII metadata will be included in the resulting record once the conflict is resolved.