💡 Strong Data Protection Compliance and Deletion Guide with Qualtrics: An FSI Perspective 💡

The question I have, and raised a few times is how to we safeguard the data whilst within the platform, particularly in regards to the exporting of data. 

The functionality here is fairly blunt, turn on or off for particular users/projects. You cannot separate permissions for exporting at widget level or dashboard level.  Ideally you be able to flag fields as sensitive and not have these exportable, even though you may require this data to send a survey (i.e. email) or you may be showing the data aggregated in a dashboard (whilst at an individualised level it’s more sensitive). A log of who has downloaded what data, would also help with different data retention and destruction requirements.

In FSI so much of our data can be sensitive or prone to misuse, whilst also being very useful. We are left with preventing exports, but there is many good use cases for users to export certain data for different activities.  An example is we need to provide customer name and contact details for ticketing/closed loop activities, however no one should be able to extract a list of every single customer, which they can do today if we enable export for anyone. Even as Brand admins it’s a little too easy.

I’d love to hear more about what Qualtrics is doing in this space, as the industry and regulations are only going to crack down further and our organisation needs to come up with many controls and processes outside of the platform to manage these.  I am starting to imagine the day may come where we can’t use such a tool due to these limitations unless Qualtrics release more functionality. 

Perhaps I am missing something though and it would be good to know what others are doing in this space.  Is it about integrating the data into other data platforms with greater controls and reporting on access etc.

Hi @ScottG , thank you for your response! Your question is excellent and many other members of the FSI community likely share your concerns. Unfortunately, currently, there is no way to restrict exporting permissions as you have described. It would be incredibly valuable to be able to mark certain widgets, pages, or specific fields as exportable while keeping sensitive data safe. Although there is a feature request for this, I cannot provide a specific timeline for its implementation. If you haven’t already, I encourage you to upvote the idea on the Community Evolve table. (EV-734, EV-900)

As a temporary solution, some clients have created a separate duplicated dashboard that only includes limited data that can be safely exported, while all other dashboards block exports.

Additionally, I suggest utilizing Dashboard Data restrictions, which allow you to omit restricted data from both viewing and exporting. You can find more information about this feature on the support page here.

Please also review the new retention, anonymization, and deletion policies, which may provide further guidance and support. You can access these policies here.

I hope this information is helpful to you!

@Scott Tomlinson appreciate the response. Perhaps it was a bit too optimistic on my part, but at least confirms we do the same as other clients in this space. 

I did recently see some functionality exists in the EX space, so I am hopeful the feasibility of it coming to CX might be a possibility soon.

Thanks @ScottG for raising this point here and @Scott Tomlinson - its great to see that we already have a feature request created for this. Will surely upvote it.