Configure Encrypted data fields in Vtiger CRM

Bindu Rekha Babu
28 Oct, 2020 - Updated 5 months ago

Introduction

When you store sensitive data, such as a contact’s national ID number or credit card number, you can choose to give contacts control over that field by requesting permission through their consents page.

When you store sensitive data of a person, certain laws may require you to handle that data in special ways. Such laws include GDPR, and they sometimes require special handling, such as encryption of data at rest or restricting who may see and use the data to only those required for the data’s purposes.

Vtiger’s sensitive data field enables you to comply with those laws while helping protect you from the risk that your employees or malicious actors misuse data stored in your possession.

Note! The GDPR feature is available in the Starter, Professional and Enterprise editions.


  1. Limit: 5 fields per module; Available modules: Leads and Contacts.
    These features are available as an Add-on for Starter and Professional editions.

  2. Data limit in GDPR compliance Add-on

    • Personal fields - No limits
    • Encryption fields - 5 fields per module
    • Data consents - 10 fields per module
    • Custom consents - 10 fields per module

Getting started with the Encrypted Data Fields

Before you get started, please read the following points carefully.

Points to remember!

  1. Encrypted fields are available only if the “Vtiger Privacy Guard” is installed.
  2. If there are any active encrypted fields when you uninstall the “Vtiger Privacy Guard” add-on, all those fields will be disabled.

    Note! These fields will not be shown in Module Fields and Layout > View Hidden after they are disabled.

  3. If you re-install the “Vtiger Privacy Guard”, all the disabled encrypted fields will be activated.
  4. You cannot downgrade from Vtiger One Enterprise edition to Professional or Starter edition if you have active encrypted fields.
  5. Vtiger does not restrict you when you downgrade from Professional edition to Starter edition, even if the “Vtiger Privacy Guard” is installed with active encrypted fields.

Sensitive data fields can be created in Vtiger’s Leads and Contacts modules, and achieve all of the following:

Encryption of data at rest

Encryption of data at rest stores the data as an encrypted value in Vtiger’s database, which protects the data from unauthorized viewing by your employees, our employees, and any potential malicious intruders.

Selective obfuscation of data

By default, sensitive data in the user view of Vtiger displays as ****. You can change that default view to reveal any number of characters at the beginning or at the end of the stored value, making it usable by your users as a verifier without permitting them to un-obfuscate the full value. A common use of this is storing a national ID number or a credit card number and revealing just the last four digits (e.g., with the first two and last three characters revealed, 529-49-5787 shows as 52****787).
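The masking rule above, modelled as an added example (not Vtiger's code) so that reveal counts can be checked against sample values before a field is enabled. The fixed `****` mask follows the page's example; the function names, the full-mask fallback for short values, and the `min_hidden` threshold are assumptions.

```python
# Added illustration of the masking rule; not Vtiger's implementation.
MASK = "****"  # fixed-width mask, as in the page's 52****787 example


def split_hidden(value: str, show_first: int, show_last: int) -> tuple[str, str, str]:
    """Split value into (revealed head, hidden middle, revealed tail)."""
    if show_first < 0 or show_last < 0:
        raise ValueError("reveal counts must be non-negative")
    # Assumption: if the reveal windows would cover the whole value,
    # reveal nothing rather than expose it in full.
    if show_first + show_last >= len(value):
        return "", value, ""
    cut = len(value) - show_last
    return value[:show_first], value[show_first:cut], value[cut:]


def obfuscate(value: str, show_first: int = 0, show_last: int = 0) -> str:
    """Masked form that every user of the field would see."""
    head, _, tail = split_hidden(value, show_first, show_last)
    return head + MASK + tail


def hidden_digits(value: str, show_first: int, show_last: int) -> int:
    """Digits that stay secret; separators such as '-' protect nothing."""
    _, hidden, _ = split_hidden(value, show_first, show_last)
    return sum(ch.isdigit() for ch in hidden)


def review(samples, show_first, show_last, min_hidden=4):
    """Per sample: (masked value, hidden digit count, meets threshold?).

    min_hidden is an illustrative threshold, not a Vtiger setting.
    """
    rows = []
    for value in samples:
        n = hidden_digits(value, show_first, show_last)
        rows.append((obfuscate(value, show_first, show_last), n, n >= min_hidden))
    return rows


if __name__ == "__main__":
    # Constructed sample values; the first is the example from the text.
    for row in review(["529-49-5787", "A1234"], show_first=2, show_last=3):
        print(row)
```

Because the mask has a fixed width, the masked form does not disclose the length of the stored value, and counting only hidden digits shows how much of an identifier actually remains secret once separators are discounted.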

Restriction of un-obfuscation to only specific users

Although all users can see the obfuscated value of a restricted field, administrators can restrict which of your users are allowed to reveal the un-obfuscated field value. This is achieved by giving user profiles access to view sensitive data fields, and applying those profiles to users.

Configuring sensitive data fields

Plain text fields are the only fields that can be marked as sensitive by Vtiger. To enable a sensitive data field:

  1. Go to the Module Fields and Layout Editor from the settings page
  2. Choose either the Leads or Contacts modules
  3. Create a new text field, or edit the desired text field


  4. Enable the Encrypt field property

  5. Read, understand, and agree to the following conditions, to enable the sensitive property
  6. Choose the number of first and last characters to show all users accessing the field
  7. Save the field.

Note! Only text fields whose character limit is equal to or less than 100 can be marked as encrypted.

To grant profile access to view sensitive data fields:

  1. Hover on Menu and click on Settings
  2. In the Settings page, expand User Management and click on Profiles
  3. Select a particular profile to edit and expand the Contacts or Leads module
  4. From the “Tools” area, enable the “View encrypted field value.”


  5. Save the settings

Users whose profile allows viewing sensitive field values will see a “View” button to the right of fields marked as sensitive in the Leads and Contacts modules. Clicking the button reveals the sensitive data field and logs the view.

Tracking of encrypted field access and edits

Vtiger tracks all views and edits to fields marked as sensitive for future audit. Field access logs for sensitive data changes can be viewed from the User Menu > Settings > User Management > Sensitive Field Access Logs, which allows you to search by field name, record name, module name, username, date range, or action performed.

Considerations when enabling sensitive data fields

Please be aware that all of the following apply to sensitive data fields:

  • Encrypted field values are obfuscated by default for all users
  • Only users with the “View Encrypted Field” permission can decrypt values in detail views
  • List views, reports, and exported data can only show encrypted values
  • Global search only searches exposed characters
  • Once enabled, encryption cannot be disabled, and the number of un-obfuscated characters cannot be edited
  • If a user marks any address field (Billing address, Location, etc.) as Encrypted, the map functionality will not work because the data will be encrypted.

Frequently Asked Questions

  1. What fields should I mark as personal fields?

    • Fields that directly identify a person, such as a Name, Email address, Credit Card Number, Phone number, National ID or Address.
    • Fields that are personal but are needed for regulatory needs should not be marked as Personal fields, since they will be erased if the user clicks on “Erase personal data”.
  2. What fields should I mark as encrypted fields?

    • Information that, if revealed, could lead to a considerable loss for a person should be encrypted. For example, National ID, Credit Card Number, or Union Membership should be encrypted.
    • Only text fields can be marked as encrypted. However, you cannot encrypt these three fields: First Name, Last Name and Primary Email.
  3. How do I delete an encrypted data field?

    • To delete an encrypted data field, you must first disable the consent field associated with this field. Then delete the field from the Module Fields and Layout Editor.
  4. Is the Primary email field mandatory?

    • No.
  5. Will print templates and email templates show the decrypted value?

    • No.