Privacy Shield
      Back to home
      1. Help Center
      2. Using School Passport
      3. Privacy Shield

      Mask and exclude sensitive data from sync with Privacy Shield

      Learn how to protect sensitive information using Privacy Shield.

      In this article

      Set up sensitive data

      Apply Privacy Shield to data sharing

      Run import with data source/SIS

      Check Privacy Shield results

      Privacy Shield in School Passport helps education organizations (districts) protect sensitive information. It allows you to mark data as sensitive. When this data is marked, it may automatically be masked or excluded from syncing with applications, unless you change data sharing settings in the request. Only your district will see the original data, while Vendors see only masked information. 

      Note: You can mask only data allowed by an application vendor. For more details, see Privacy Shield levels.

      Applying Privacy Shield consists of the following steps:
      1. Set up sensitive data
      2. Apply Privacy Shield to data sharing
      3. Run import with data source/SIS

      Set up sensitive data

      Caution: If you are not an advanced user, please do NOT change default sensitive data settings. Instead, please contact support@gg4l.com for assistance.

      Identify and mark data that require masking or to be excluded by Privacy Shield. Once specified, this data will be marked as "sensitive" within the application. 

      1. Navigate to the Data Quality > Privacy Shield.
      2. (Optional) In the Filter dropdown, specify the Data Schema or application for which you want to set Privacy Shield. If empty, Privacy Shield applies to all.
      3. Choose an entity.
      4. Select the Privacy Shield checkbox to specify as sensitive.
      5. Click Save

      Apply Privacy Shield to data sharing

      Note: When you activate a new application, Privacy Shield is enabled by default.

      Once you've marked data as sensitive, you need to apply data masking for any sharing of this data with external systems or users. See How sensitive data is shared.

      1. On the Home page, choose an application. 
      2. Click Overview > Request Changes.
      3. (Recommended) To apply masking and exclusion for all sensitive data at once:

        1. In the Privacy Shield section, turn the toggle on. Note: When you activate a new application, Privacy Shield is enabled by default.
        2. Click Apply to apply both masking and exclusion. If you only want to apply masking, click Apply Masking Only.
      4. Alternatively, choose specific sensitive data to mask or exclude in the Attributes section:
        1. To mask specific sensitive data, select the Privacy Shield Supported checkbox for the data you want to mask. Note: If the Privacy Shield Supported checkbox is unavailable for a specific attribute, it means that masking is not supported for that attribute. If you don’t want to share this attribute, exclude it from the sync
        2. To exclude specific sensitive data from sync, clear the Available checkbox for the data attributes you want to exclude. 
      5. (Optional) Configure other settings.
      6. Click Request Changes and wait for its approval. If masked and excluded data meets the requirements for a Privacy Shield level, the application will be assigned that level.

      Run import with data source/SIS

      Once you have vendor approval, go to the data source/SIS and run sync. This will apply masking to the imported sensitive data based on the masking rules.

      Check Privacy Shield results

      Viewing attributes that will be protected can help you understand what data is available for the application so that you can make the best decision about data sharing.

      To view which attributes were masked or excluded:

      1. On the Home page, choose an application with Privacy Shield enabled.
      2. Go to the Consents tab and choose the last approved consent.

      3. Scroll to the Enabled Data Masking section. This section displays attributes that are masked for the vendor.

      To view how the vendor will see your data after applying the Privacy Shield:

      After data import with data source/SIS is completed, you can preview how sensitive data is shared with an application. Follow these steps:

      1. Go to Data Browsing > Rostering.
      2. Select an application from the list.
      3. Select an entity to review the Privacy Shield results.
      4. Choose a record to view its details.
      5. Discover how the vendor sees your data. In this example, the Last Name (1) and Email (2) are masked, and the Username (3) is NOT shared. 

      Tip: If you've applied Privacy Shield to different attributes for the same entity in different apps, you can check how the record`s data is masked or excluded for each application in the application data view. To do this, click "here" in the notification at the top.

       

      To view how Privacy Shield was applied to record data across multiple apps:

      You can apply Privacy Shield to different attributes of the same entity in different applications. In this case, the same value may be masked differently. For example, the name "John" may be masked as "L-ggf’ektvawv" in one app and as "K-ggl’awnlrnx" in another. 

      1. Go to Data Browsing > Rostering.
      2. Select an entity and then choose a record to view its details.
      3. Scroll down to the Privacy Shield Information tile.

      Note: If a duplicate conflict occurs for a record with sensitive data masked by Privacy Shield, additional Privacy Shield metadata will be added to the resulting record after the conflict is resolved.