Secure Fields
Overview
Secure Fields allow for the secure storing of private or sensitive information. The data in these fields can be entered by anyone when creating a new case but can only be accessed with the proper permissions.
When having access to user’s private information or PII’s (Personally Identifiable Information), it’s important to protect the user's data, specifically when certain data (Social Security Numbers, etc.) are not usually included as part of Freedom of Information Requests.
Secure Fields will block out the content of the field and prevent editing of the content, unless a user with permission specifically “unlocks” the field.
Secure Fields can be configured for any standard AIF as well as AIF fields used in the contact screen.
Data Stored in a Secure Field is encrypted at rest. (This means that even if someone was able to access the stored data, it would be unreadable.)
Data stored in a Secure Field is not reportable and will not show up on MAGNET Data Grids.
View Screen and Edit Screen
When a secure field is shown, regardless of if the user has permission to see the data, the field will simply display asterisks (******). If the user has permission to view the data, a lock icon is displayed next to the field. Upon clicking on the lock field, the data is pulled and decrypted asynchronously and displayed in the text field.
If the user does not have permission a question mark icon is displayed next to the field, that upon hover displays a tooltip “You do not have permission to view or edit this data. Please contact an administrator to request access to secure fields.”
The field data is never updated in the database unless the user has unlocked the field. Otherwise, the field data will remain untouched.
Case Creation Dialog
Since there will be no data initially in Secure Fields, and counter personnel may have initial access to Secure Fields; any user is able to enter data into secure fields during case creation.
After entering data into a secure field, after leaving the Secure Field, the field will change to a password field to obfuscate the data. When clicking back into the field, it will turn it back into plain text.
The field will have a question mark icon next to it that upon hover shows the following details “This field is Secure. Any data entered into this field will only be visible/editable by users with permission to view secure fields.”