Executive Summary
The key in meeting the requirements of today's privacy regulations and protecting personal information (PI) from unauthorised use and disclosure lies in understanding and managing the use of personal information within an organization's data environment. Spread across a multitude of repositories and application data sets, PI use can be difficult to manage through written policy alone.
We at LightBeam.ai believe the best way to implement policy across an organization is to supplement written policy with technical controls designed for specific applications and functions. By working with our clients we have developed several application and function specific controls focusing on discovering, analyzing, and enforcing control over the use of personal information within popular applications.
Zendesk is a company that provides software-as-a-service products related to customer support, sales, and other customer communications. Using service tickets to interact with customers Zendesk tracks lots of information about service requesters and stores it long term as part of the service record.Guided by the privacy principle to only keep PI for as long as is needed, LightBeam.ai has developed controls specific for how Zendesk uses and stores personal information.
Our AI driven platform engine named Spectra can easily be configured to review all service tickets to automatically discover, analyze, and enforce privacy policies regarding sensitive information stored in service tickets. By finding and redacting PI in tickets that have been completed, organizations can reduce privacy risk and meet retention requirements for data that is no longer needed. By then automating the execution of these control policies, Privacy Officers can develop custom rule sets that continually scan, monitor, and control how PI is used and controlled within Zendesk. The details for how this happens are discussed below.
Audience
This document is intended for organizations who have implemented Zendesk and whose processing with Zendesk uses personal information. It is meant for both technical and non technical audiences. Privacy Officers, CISOs/Security Architects, and Support leaders within organizations using Zendesk will find this reference architecture useful in automating data privacy.
Purpose
This document provides greater details on the problem of processing personal information within Zendesk and how LightBeam can be used to manage the use of PI and reduce the risk posed by long term storage of PI.
Zendesk Overview
Zendesk is award-winning customer service software platform in use by 200K+ customers.
A leader in customer relationship management (CRM), Zendesk platform gathers customer information from multiple sources and creates interaction tickets, centrally storing tickets as the service is in progress. A workflow engine allows for the creation of custom workflows for various business processes exposing the information to anyone that has access. Zendesk supports multiple channel inputs and can receive contact via: Email; Social media like Facebook; or social messaging like WhatsApp, Wechat, Twitter Direct, etc. creating support tickets from multiple sources across the organization.
Used across a multitude of business types, Zendesk supports many different process types. Many customer interactions require the use of PI and the type of PI will vary by process type. Common fields like;Name, Address, and Phone may be stored in structured fields while other information like credit card information for one time use can be captured and stored in open text fields. Long term storage of PI in closed tickets creates risk and should be addressed.