Below are some best practices around Personal Identifying Information (PII) and data security that may help mitigate risk concerns when interacting with students:
Platform
- Utilize office-level permissions. Permission managers can assign office-level permissions to all users, allowing them access to only their content. This would apply to texting, live chat, and chatbot transcripts, as well as live chat and texting conversations.
Chatbot
- Consider adding a sentence to the welcome message to not enter PII information unless requested.
For integrated questions, Ocelot has specific events that trigger the redaction of PII. We have to know when PII will occur to trigger these events which is not possible in live chat and texting interactions.
Live Chat
- Consider using Live Chat SSO authentication. This will eliminate the need to validate identity and stop inquiries for student PII, especially if implemented campus-wide.
Texting
- We recommend including a short message in the introductory texting campaign to not respond with PII.
Note: Data is encrypted both in transit and when stored at rest. However, it is not encrypted when it is emailed to the school