CoffeeCake Posted February 4, 2021 Posted February 4, 2021 Right now, staff with access to Support within Commerce have the ability to see details about the member that may disclose their identity. Things like a customer's real name, email address, and other details. In our community, we've removed this access this via a custom modification we've developed, however I believe this should be an out of the box permission. Please provide a discrete permission to restrict personally identifiable information from staff without the necessary administrator permission to do see that information. It is not necessary for someone replying to support requests to necessarily have access to e-mail addresses, the real name of the customer, etc. Shout out to @theipsguy for this format for sharing ideas that I'll totally steal. zyx and Jordan Miller 2
Jordan Miller Posted February 4, 2021 Posted February 4, 2021 4 hours ago, Paul E. said: Right now, staff with access to Support within Commerce have the ability to see details about the member that may disclose their identity. Things like a customer's real name, email address, and other details. In our community, we've removed this access this via a custom modification we've developed, however I believe this should be an out of the box permission. Please provide a discrete permission to restrict personally identifiable information from staff without the necessary administrator permission to do see that information. It is not necessary for someone replying to support requests to necessarily have access to e-mail addresses, the real name of the customer, etc. Shout out to @theipsguy for this format for sharing ideas that I'll totally steal. Me any time I see a @Paul E. thread Interesting observation. I don't disagree with this, however I'm also wondering if maybe taking a more offensive approach could suffice? Like having the moderators sign a simple agreement affirming they won't reveal members' info? Thoughts?
CoffeeCake Posted February 4, 2021 Author Posted February 4, 2021 1 minute ago, Jordan Invision said: Like having the moderators sign a simple agreement affirming they won't reveal members' info? Thoughts? We do that as well. However, we operate using the principle of least privilege. For our use case of the support system, the majority of support requests we create and reply to do not require the moderator to know anything other than the display name of the poster. There is a setting for the front end that disables the display of e-mail addresses for moderators, yet these settings are not considered in Commerce. Our moderators do not need to know IP addresses, real names, addresses, etc. and even though we have legal protections in place through contractual agreements, there's no reason to expose that information unnecessarily. Jordan Miller 1
CoffeeCake Posted February 5, 2021 Author Posted February 5, 2021 Another addition to the Commerce Support tool that I was just reminded of. The ability for an agent to receive notifications of new requests or replies should be a controllable permission as well. For communities where moderators do not have a site-specific e-mail account, receiving copies of inbound communications in their personal e-mail account is a liability, and not every moderator meets the threshold for an e-mail account. If your model is that moderators do not have access to PII, and do not e-mail customers, then it makes little sense to provision them with an e-mail account. Jordan Miller 1
Recommended Posts