Remove sensitive data

Agents collect sensitive information while interacting with both internal and external users. These interactions lead to data being stored across various locations in your organization’s tenant. It's crucial to ensure security and compliance of this data with your organization's policies.

The Sensitive data setting in Copilot Studio enables you to protect sensitive information such as customer PINs, account numbers, credit card details, and protected health information (PHI) data. This feature ensures that data protection doesn’t interfere with user productivity or collaboration. Agent makers can mark variables as sensitive according to the specific requirements of their organization, to improve the security of the collected information.

Note

The Sensitive data setting is only applied to voice-enabled agent interactions.

Known limitations

If the customer's response to the agent’s first question is flagged as sensitive, that content might not be redacted. This is due to a timing issue that affects redaction at the start of the conversation. However, all subsequent responses flagged as sensitive are redacted as described in this article.

Prerequisites

Configure sensitive data masking

Identify the information in your agent's conversational flow that might contain sensitive data. For example, the input to the agent is a credit card number. Sensitive data is handled using variables. Currently, you can only denote sensitive data variables using the Question node.

To initialize a variable as containing sensitive data, perform the following steps:

  1. In a topic, add a Question node.

  2. Assign a global variable.

  3. Open the global variable's properties and turn on Sensitive data.

Note

  • When a sensitive data variable is assigned to a nonsensitive data variable, the nonsensitive variable automatically inherits the sensitive data properties.
  • If you're using Application Insights to log activity, turn off Log sensitive activity. If this setting is turned on, sensitive data is logged.

Runtime operation

When the customer’s conversation with the agent enters a section where a sensitive-flagged variable is configured, the agent displays the following message in the transcription: "Entered a confidential section of the conversation." Recording, transcription, and data logging are paused until the conversation moves on to the nonsensitive section.

When the conversation moves past the sensitive information collection, the agent displays "Exited a confidential section of the conversation," followed by "Recording and transcription resumed." Recording, transcription, and data logging resumes for all nonsensitive portions of the interaction.

If the conversation is escalated to a customer service representative from the agent, the transcript and recording don’t contain any instances of the sensitive information captured by the agent. To match the recording to the call's length, we insert silence into the recording.

Conversation transcripts are stored in the ConversationTranscript table. Any variables marked as sensitive appear as Redacted in the transcript to protect its content.

Sensitive data suggestions

  • Agent makers are responsible to mark the variables as sensitive wherever they anticipate sensitive information.
  • Copilot Studio doesn’t automatically redact sensitive data from Question or Message nodes that don’t have sensitive variables assigned to them.
  • Sensitive information isn’t removed if a caller unexpectedly shares something sensitive and the variable capturing that response isn’t marked as sensitive.
  • Agent makers should account for potential latency in pausing the recording and transcription.
  • Sensitive information redaction is restricted to Copilot Studio. For any external connections from Copilot Studio to Power Automate, Connectors, and such, customers are responsible for assessing redacted data with any relevant regulatory or compliance requirements.
  • Last updated on