How do I protect sensitive data in forms?
Your program may require you to collect and store sensitive information like social security numbers, bank account numbers, health-related information, or other personal data. To protect your applicants, it is strongly recommended to encrypt the fields that collect this information. Additionally, you can control who in your organization can view these details by masking these specific fields or applicant information as a whole.
Note: Data can be encrypted to make it useless if it's ever compromised. It can be masked to hide it from Grant Manager Portal users who are not authorized to view it.
Encrypt fields for an additional level of protection
Note: Encryption takes place on the back-end and only impacts how it is stored in our database. It does not affect how applicants enter the information or who can view the responses in the Grant Manager Portal.
Encrypted fields offer an additional way for you to securely store data, especially when collecting sensitive information. When encrypting fields, keep in mind...
-
Encrypted fields cannot be used in filters, searches, or automation.
-
Encryption can be enabled when the field is being created or even after it has been added to a form.
-
Amount Requested and Employee SSO fields cannot be encrypted.
How to enable field encryption
Tip: To enable encryption after a field has been created, see Encrypt Existing Fields.
-
Enable the Additional field encryption option.
Note: For a full list of fields that can be encrypted, see Encryption and masking options by field type.
-
Save your changes.
How applicants experience encrypted fields
Applicants will not be aware the field is encrypted with additional security when completing their form. They can enter and edit the response just as they would any other field.
How Grant Managers experience encrypted fields
The experience with encrypted fields in the Grant Manager Portal is as follows:
-
The field will be visible in all areas of the application. It can be edited by Grant Managers as needed.
-
The field cannot be used in filters, searches, or automation rules.
-
The field will be visible in Ad Hoc reporting, dashboards, and the Data Hub.
-
The field can be used in configuration, such as Set Value, Calculated Value, Input Mask, Validation, and Conditional Logic.
-
The field can be included in data feeds. It's decrypted prior to being transmitted in the feed.
Mask fields to limit who can view the data collected
Masked fields allow you to change the visibility of responses so that those not authorized to view the data are unable to do so. Applicant information can be masked so that reviewers cannot see sensitive information or details that may affect the review process. When masking fields, keep in mind...
-
Data can be masked at the program-level and field-level.
-
Data in masked fields is only visible to users with the Grant Application - Can View Masked Data permission.
-
Data is masked in all areas of the Grant Manager Portal, including the application, Ad Hoc reports, dashboards, and Data Hub.
-
Masked fields cannot be used for filtering.
How to mask fields
- Create a new form field.
-
Enable the Field masking option.
Note: For a full list of fields that can be masked, see Encryption and masking options by field type.
-
Save your changes.
How to mask all applicant information across programs
All applicant can be automatically masked by enabling the Mask application information setting in your program.
-
Create a new program or edit an existing one.
Note: This is only available for programs where the Recipient is set to An individual applicant.
-
In Program Detail > Settings, enable the Mask applicant information option in the Masking section.
-
Save your changes.
Warning: This setting will be overwritten if the workflow level has Show masked applicant information enabled. In this case, all users assigned to the workflow level will be able to view applicant data whether or not they have the Grant Application - Can View Masked Data permission.
How applicants experience masked fields
Applicants will not be aware the field is masked when completing their form. They can enter and edit the response just as they would any other field.
How Grant Managers experience masked fields
The experience with masked fields in the Grant Manager Portal varies based on whether you have the Grant Application - Can View Masked Data permission.
If you have this permission...
-
A toggle will appear next to the field to unmask the data. This is available in the Application View and the reporting areas.
-
If the field's Calculated Value, Validation, or Conditional Logic in a form is based on an answer from a masked field, it will only work for users with this permission.
If you do not have this permission...
-
Data in the masked field will show as
********. -
If the field's Calculated Value, Validation, or Conditional Logic in a form is based on an answer from a masked field, these conditions will not work as intended.
Encryption and masking options by field type
These options are not available for all field types. Refer to the table below for the fields that do and do not allow encryption and masking.
| Field Type | Allows Encryption? | Allows Masking? |
|---|---|---|
| Address | No | No |
| Aggregation | No | No |
| Checkbox | No | No |
| Currency | No | No |
| Date | Yes | Yes |
| External API | Yes | Yes |
| Field group | No | No |
| Field group option | No | No |
| File upload | Yes | Yes |
| Number | Yes | Yes |
| Picklist | Yes | Yes |
| Radio buttons | Yes | Yes |
| Select boxes | Yes | Yes |
| Table | No | No |
| Text | Yes | Yes |
| Text area | Yes | Yes |