How To: Protect Sensitive Data While Getting Support
Introduction
SeaCare® and SeaEvent® are both products with inherently sensitive data. When you need support on these applications, there may be circumstances where you'll need to share sensitive information with our team of application support professionals. This article will give you the tools you need to keep your interactions safe and compliant.
What is sensitive data?
In general, "sensitive data" means any data point which could be potentially lead to a regulatory compliance concern if handled improperly or result in harmful effects if intercepted by an unauthorized party. Examples of sensitive data points include:
- First Name
- Last Name
- Date of Birth
- Any health related data point (eg. vitals, diagnoses, physician notes, etc).
- Statements of wrongdoing or controversial matters
- Security Tokens & Passwords
This article is not legal advice, and if you have any questions regarding which data is sensitive or your obligations relating to the management of sensitive data, you should contact a legal resource within your organization.
How can I safely transmit sensitive data in a support request?
There are two principals to follow to ensure that you're safeguarding sensitive data when requesting support.
1. Sanitize Your Request Text
Make sure that the body of your request to Tritan Software Support does not contain any sensitive information. Do not refer to crew members, guests, or any other party by first and last name within your request. Instead, for any sensitive data point, if it's necessary to share, include this information in an attachment.
2. Transmit Attachments Securely
Upload all attachments with sensitive information exclusively using this portal. Within this portal, below every comment box in every ticket is an area where you can select a file from your machine or drag and drop a file. Use this tool exclusively for all attachments. Do not send attachments with sensitive information via email. Always upload directly from our Portal.
How am I supposed to communicate without using names?
We realize that good security practice can occasionally be inconvenient. However, we can assure you, it's not impossible. We're seasoned experts at communicating without using sensitive data, below are some of our best tricks for effectively communicating without jeopardizing security.
1. Assign variables within attachments and refer to them in the message body
One could prepare an attachment document with necessary information, such as this example:
A: Jane Doe, 11/12/1973
B: John Smith, 01/03/1954
Then, in the body of the message, instead of referring to individuals by name, refer to them as patient/guest/crew member A.
2. Use file names to differentiate
If you're transmitting sensitive information without any non-sensitive unique data points, but you only have one subject per file, use your file name (eg: Crew_1.txt) to differentiate and refer to the patients by file name. Please note that you should never include sensitive information in the names of files.
3. If necessary, use initials or internal identifiers.
If there's simply no way to do any of the other methods, attach sensitive information and refer to individual using their first and last initial (eg., "article author NL").
Non-public unique identifiers can also be used as a last resort. For example, instead of "I am having trouble exporting the case summary for John Smith" you could say, "I am having trouble exporting the case summary for crew member 123ABC". However, if your company has a system which allows users to cross reference Crew ID's or Passenger ID's in other systems, these identifiers would be considered sensitive data so please use caution and consider the other options presented above whenever possible.
Why is this necessary?
In spite of improvements in email security, presently there is no universal standard for end-to-end email encryption of email messages and their attachments. As such, the safest way to transmit sensitive data across the internet is using a portal like this one.
The reason why it's important to include information in attachments rather than in the body of messages is because the Tritan Support Help Desk will transmit comments entered into the desk via email. As such, if you transmit sensitive data in the text of your request, even if such a request is placed here in the portal, your data may be transmitted via email, creating a potential concern.