Securing Sensitive User Data with PCI DSS Certification and HIPAA Compliance
Learn how to maintain PCI/HIPAA compliance and protect sensitive user data using the flag privacyMode.
Defining sensitive user data
Applications handling sensitive user data need to take steps to protect that data from breaches or leaks. Whether a given piece of data is considered sensitive is sometimes up to the application developer, while other times it is defined by a regulation or industry standard. Regulated types of sensitive user data include Payment Card Industry (PCI) cardholder data, such as credit card and account numbers, PINs and passcodes, and Protected Health Information (PHI), which is any individually identifiable health information and is what the Health Insurance Portability and Accountability Act (HIPAA) governs.
Maintaining compliance
In order to create secure applications following best practices and maintain compliance with these kinds of regulations, FreeClimb developers building applications that process sensitive data should:
- Rotate API keys every 90 days.
- Use the privacyMode flag.
Using privacyMode in your applications
The flag privacyMode is an optional parameter on some PerCL commands, as well as an optional body parameter on the Make a Call API request. The following PerCL commands accept privacyMode as an optional parameter:
PerCL Command | Description |
---|---|
Say | The Say command provides Text-To-Speech (TTS) support. |
Play | The Play command plays an audio file back to the caller. |
GetDigits | The GetDigits command collects DTMF inputs from the caller. |
GetSpeech | The GetSpeech command enables the caller to respond to the application using a supported language. |
SendDigits | The SendDigits command plays DTMF tones on a live Call. |
OutDial | The OutDial command is used to call a phone number. |
When privacyMode=true, the data collected or sent during that command's execution will not be logged by FreeClimb. For example, the requestBody logged for a GetSpeech command looks like this when privacyMode=false:
"requestBody": {
"accountId": "ACXXXXXXXXXXXXXXXXXXXXXX",
"callId": "CAXXXXXXXXXXXXXXXXXXXXXX",
"callStatus": "inProgress",
"conferenceId": null,
"confidence": 50,
"direction": "inbound",
"from": "+15550001010",
"parentCallId": null,
"queueId": null,
"reason": "recognition",
"recognitionResult": "Jane Doe",
"requestType": "getSpeech",
"to": "+15551001000"
}
We can see the string content of the recognitionResult printed in the requestBody. The same GetSpeech command with privacyMode=true will generate a log like this:
"requestBody": {
"accountId": "ACXXXXXXXXXXXXXXXXXXXXXX",
"callId": "CAXXXXXXXXXXXXXXXXXXXXXX",
"callStatus": "inProgress",
"conferenceId": null,
"confidence": 50,
"direction": "inbound",
"from": "+15550001010",
"parentCallId": null,
"queueId": null,
"reason": "recognition",
"recognitionResult": "xxxxx",
"requestType": "getSpeech",
"to": "+15551001000"
}
Here the recognitionResult is logged as the string 'xxxxx' in place of the actual content.
privacyMode is set at the command level, meaning it is not inherited by nested commands (such as the Say or Play prompts nested inside a GetDigits or GetSpeech command); set it on each command that handles sensitive data. Note also that privacyMode governs what FreeClimb logs, not what your application receives or stores: redacting your own application logs and databases remains your responsibility.
Checking that your application is secure
As you design your application, keep in mind the following checklist to ensure that your application is using privacyMode correctly and generally securing user data:
- All URLs use HTTPS
- No sensitive data is being posted in a URL itself
- No sensitive data is being sent in an API request itself, e.g., in a Filter Logs request
- Any third-party tools you might also be using have been vetted
- All your PerCL has been tested, as privacyMode won't work if the JSON is malformed
- Your application doesn't use StartRecordCall for calls that may contain sensitive information, as privacyMode can't redact recorded calls
- Your application doesn't use RecordUtterance for user speech that may contain sensitive information, as privacyMode can't redact recorded speech
- privacyMode is set on each command you want it used for
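As an added example (not FreeClimb's code and not part of the original page), the following Python audits a PerCL script before your webhook returns it, covering the checklist items that can be checked mechanically: malformed JSON, callback URLs that are not HTTPS, recording commands, and any command from the table above that lacks privacyMode=true, including commands nested inside prompts, since the flag is not inherited. The PerCL shape it assumes (each command as a single-key JSON object, nested commands under a prompts array, callback parameters named with a Url suffix) is an assumption of this example, and the sample scripts are constructed for it.

```python
import json

# PerCL commands that accept privacyMode (the table on this page).
PRIVACY_MODE_COMMANDS = {"Say", "Play", "GetDigits", "GetSpeech", "SendDigits", "OutDial"}

# Commands that capture audio; the checklist notes privacyMode cannot redact a recording.
RECORDING_COMMANDS = {"StartRecordCall", "RecordUtterance"}

# Parameter keys whose value is an array of nested PerCL commands.
# Assumption: "prompts" as used by GetDigits and GetSpeech.
NESTED_KEYS = ("prompts",)


def audit_percl(percl_text):
    """Parse a PerCL script and return a list of (path, message) findings.

    An empty list means the script passed. Malformed JSON is reported as a
    finding rather than raised, because the checklist point is that
    privacyMode cannot protect a command FreeClimb cannot parse.
    """
    try:
        script = json.loads(percl_text)
    except json.JSONDecodeError as exc:
        return [("$", f"malformed JSON: {exc.msg} at offset {exc.pos}")]
    if not isinstance(script, list):
        return [("$", "PerCL script must be a JSON array of commands")]
    findings = []
    _walk(script, "$", findings)
    return findings


def _walk(commands, path, findings):
    """Recurse through a command array, descending into nested prompts."""
    for index, command in enumerate(commands):
        here = f"{path}[{index}]"
        # Assumption: each PerCL command is an object with a single key,
        # the command name, whose value is the parameter object.
        if not isinstance(command, dict) or len(command) != 1:
            findings.append((here, "command must be an object with exactly one key"))
            continue
        (name, params), = command.items()
        here = f"{here}.{name}"
        if not isinstance(params, dict):
            findings.append((here, "command parameters must be an object"))
            continue
        if name in RECORDING_COMMANDS:
            findings.append((here, "records audio; privacyMode cannot redact it"))
        # privacyMode is per-command and not inherited, so every supported
        # command is checked individually, nested ones included.
        if name in PRIVACY_MODE_COMMANDS and params.get("privacyMode") is not True:
            findings.append((here, "privacyMode is not set to true"))
        for key, value in params.items():
            # Assumption: callback parameters are named with a Url suffix (actionUrl, ...).
            if key.endswith("Url") and isinstance(value, str) and not value.startswith("https://"):
                findings.append((f"{here}.{key}", "URL does not use HTTPS"))
        for key in NESTED_KEYS:
            nested = params.get(key)
            if isinstance(nested, list):
                _walk(nested, f"{here}.{key}", findings)


# Constructed sample scripts for this example (not taken from the page).
GOOD_PERCL = json.dumps([
    {"Say": {"text": "Please enter your card number.", "privacyMode": True}},
    {"GetDigits": {
        "actionUrl": "https://example.com/digits",
        "privacyMode": True,
        "prompts": [{"Say": {"text": "Enter it now.", "privacyMode": True}}],
    }},
])

# Three checklist violations: plain-HTTP actionUrl, a nested Say without
# privacyMode (the parent's flag does not cover it), and a RecordUtterance.
BAD_PERCL = json.dumps([
    {"GetDigits": {
        "actionUrl": "http://example.com/digits",
        "privacyMode": True,
        "prompts": [{"Say": {"text": "Enter your PIN."}}],
    }},
    {"RecordUtterance": {"actionUrl": "https://example.com/rec"}},
])

# Trailing comma: FreeClimb would reject this, so privacyMode never takes effect.
MALFORMED_PERCL = '[{"Say": {"text": "Enter your PIN.", "privacyMode": true,}}]'

if __name__ == "__main__":
    for label, script in (("good", GOOD_PERCL), ("bad", BAD_PERCL), ("malformed", MALFORMED_PERCL)):
        print(label, audit_percl(script) or "OK")
```

Run the audit in your webhook handler's test suite, or as a pre-return assertion during development, so a command that handles card numbers or PHI cannot ship without the flag. The finding paths are JSON-path style so a failure points at the exact nested command to fix.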