La fonction de suggestion automatique permet d'affiner rapidement votre recherche en suggérant des correspondances possibles au fur et à mesure de la frappe.
le août 30, 20244:11 PM - dernière modification le oct. 16, 202412:07 PM par JSimmons3
Modérateur HubSpot
[Closed] AMA (Ask Me Anything): Sensitive Data | September 9-13, 2024
Hey community,
Are you curious about storing Sensitive Data in your HubSpot account, but unsure where to start? Join this Sensitive Data AMA (Ask Me Anything) from September 9-13, 2024. Sensitive Data is confidential personal information that requires special protection by law to keep it safe and out of reach from outsiders and bad actors.
During this exclusive community event, we will answer your questions about storing Sensitive Data in the HubSpot Smart CRM, how it can unlock growth opportunities and how the Sensitive Data features work with other HubSpot features.
Do you have any burning questions about Sensitive Data? Drop them in the thread below, and we’ll try to get them answered within 24 hours.
Example questions:
Is HubSpot HIPAA compliant?
How do I activate the sensitive data features?
What types of Sensitive Data can I store in the Smart CRM?
13. How does HubSpot ensure the security of sensitive data when integrating with third-party applications?
Developers can use the API documentation to build integrations that sync sensitive data. Per the sensitive data terms, if you choose to integrate with or otherwise use third party products in connection with the Subscription Service, you acknowledge that Customer Data hosted or processed by such Third-Party Products would be hosted in accordance with policies maintained by those third-parties.
14. What vetting process does HubSpot use for app marketplace partners? In order to publish you app on our marketplace, there are several requirements you must pass. You can find them here
15. What are the recommended best practices for handling sensitive data within HubSpot?
Be sure to consult with your legal team or your attorney to ensure you have systems and processes in place that are fit to handle your customers' sensitive data in accordance with the laws and regulations your are subjected to.
Before enabling the setting, carefully go through our sensitive data terms to ensure you are not breaching it by storing sensitive data that is not permitted.
As any Super Admin can create and view sensitive data, it's recommended to review your list of Super Admins and slim it down as much as you can.
Use field-level permissions to limit who can view and access sensitive data stored in the CRM
15. How can users effectively anonymize or pseudonymize sensitive information?
HubSpot does not have functionality to mask data.
16. Does HubSpot provide training on handling sensitive data for its users?
We have created knowledge base articles, participated in webinars, and written blog posts to help our users enable and use these new features. However, we are currently in the early stages of building a sensitive data course on HubSpot Academy. Soon we will also be launching an implementation guide.
17. What resources are available for customers to learn about data security in HubSpot?
[Closed] AMA (Ask Me Anything): Sensitive Data | September 9-13, 2024
We would like to store patient information (PHI) in the contact object. We would also like to be able to send automated SMS and Email communicaiton to our patients through HubSpot, however we noticed that we can not set the email field or phone number field on the contact as sensiteive data. My questions are:
1. Are there plans in the works to allow HubSpot customers to store a contact's email address in a email field that has the sensitive data setting?
2. For SMS, we can create a custom phone number field and mark it as sensitive data, but I am not sure if we can use a custom phone number field in the SMS action in HubSpot. Can we use a custom phone number field as part of a send SMS action? If not, are there plans in the works to get soemthing like this available?
I think it's awesome that we can now store sensitive data in HubSpot, but the ability to communicate with contacts that have PHI is essential.
Thanks for letting us know. Happy to provide some context as to why you're experiencing this.
At this point in time it's indeed not possible to convert an existing contact property into a sensitive data property. This is because of the way we designed these new properties. However, it's likely we develop this functionality in the future.
1. Theoretically you could create a custom sensitive property and use it to store email addresses. However, I'm doubt you'd be able to have this new property act as a replacement for the default email address field. So I don't think this will work. The reason why we're preventing you from doing so, is because our email functionality (just like our other channels) aren't end-to-end encrypted. Very few email providers are sadly.
2. More ore less same answer as above, our comms channels like SMS and Email don't support sensitive data.
thanks for this opportunity! I'm dropping a few questions that regularly come up when we're dealing with new clients, especially from Europe because of GDPR. Our personal FAQs that might be also relevant to other HubSpot users:
How does HubSpot ensure the protection of sensitive customer data?
What encryption methods does HubSpot use for data at rest and in transit?
Is HubSpot compliant with regulations like GDPR, CCPA, and HIPAA?
What types of sensitive data can be safely stored in HubSpot?
Are there any restrictions on storing certain types of sensitive information?
How does HubSpot handle data retention and deletion policies?
What measures are in place to prevent unauthorized access to sensitive data?
How does HubSpot manage user permissions and role-based access?
Can activity logs be generated to track who has accessed sensitive information?
What is HubSpot's protocol in case of a data breach?
How quickly are customers notified if their sensitive data is compromised?
What support does HubSpot provide in the event of a security incident?
How does HubSpot ensure the security of sensitive data when integrating with third-party applications?
What vetting process does HubSpot use for app marketplace partners?
What are the recommended best practices for handling sensitive data within HubSpot?
How can users effectively anonymize or pseudonymize sensitive information?
Does HubSpot provide training on handling sensitive data for its users?
What resources are available for customers to learn about data security in HubSpot?
Adriane Grunenberg HubSpot Automation and Digital Analytics Expert
How does HubSpot ensure the protection of sensitive customer data? All sensitive data is protected by an additional layer of platform encryption. Sensitive property values and CRM attachments are encrypted when they reach HubSpot’s backend systems, typically within the first or second hop into our systems. The properties and CRM attachments are encrypted using AES-256 with unique encryption keys for each customer. The root keys are managed via AWS KMS, and no one has access to these keys. HubSpot engineers cannot view sensitive properties. However, a small and tightly constrained group of engineers are able to decrypt the data in order to support these services. There are also HubSpot services that need to decrypt the data. To do this, a given service must invoke a specific scope to be able to decrypt a sensitive prop
What encryption methods does HubSpot use for data at rest and in transit? By default, data stored in HubSpot is encrypted in transit with TLS 1.2 or 1.3 and at rest using AES-256.
Is HubSpot compliant with regulations like GDPR, CCPA, and HIPAA?
While use of the HubSpot product can enable your GDPR and HIPAA compliance efforts, use of the HubSpot product alone does not make you GDPR compliant. Like any legal issue, it’s up to you to review your specific situation with your legal counsel to understand how you can meet your obligations.
For more info on compliance, please check our Trust Center
What types of sensitive data can be safely stored in HubSpot? You can find a list of all permitted sensitive data on our sensitive data terms page. (It differs per category of sensitive data)
Are there any restrictions on storing certain types of sensitive information? There are certain types of sensitive data that we do not permit, but we do not have any hardcoded restrictions that prevent users from storing that type of data. It's up to you, the user, to ensure you are abiding by our sensitive data terms.
How does HubSpot handle data retention and deletion policies? This trust center article should answer your question in detail.
What measures are in place to prevent unauthorized access to sensitive data? Firstly, with the aforementioned added platform encryption. Secondly, super admins can set up field-level permissions to restrict view and edit access. They can also set inactive session timeouts, and more to prevent unauthorized access.
How does HubSpot manage user permissions and role-based access? You should be able to find all of that info in this KB article
Can activity logs be generated to track who has accessed sensitive information? Audit logs allow Super Admins to see user actions (like creation, deletion, and updating) pertaining to sensitive properties.
What is HubSpot's protocol in case of a data breach? You can more details about that in this trust center article.
How quickly are customers notified if their sensitive data is compromised? Without undue delay.
What support does HubSpot provide in the event of a security incident? At customer's request, HubSpot will promptly provide such reasonable assistance as necessary to enable customers to notify relevant Personal Data Breaches to competent authorities and/or affected Data Subjects, if customers are required to do so under Data Protection Laws.
I don't have the immediate answer to your remaining question. I will try to get them answered promptly! Let me know if you have any follow-up questions in the meantime 🙂
Thank you so much for sharing these insightful questions! Your diligence in addressing data protection concerns, particularly in light of GDPR regulations, is truly appreciated, even i had some pointers to clariy and you have covered them for all of us here.
Regards
Humashankar VJ HubSpot Community Champion and enthusiast | Engineering Manager
1. The new sensitive data features are designed to help you operate your portal in compliance with regulations like HIPAA. When enabling these settings, users agree to our Business Associate Agreement.
2. I recommend this blog post to get more info on the matter.
[Closed] AMA (Ask Me Anything): Sensitive Data | September 9-13, 2024
Why are sensitive data fields not available via the API even for permissioned users?
Why does HubSpot not track *external* form submissions which contain sensitive data even if that data is not saved into HubSpot? (HubSpot tracks the same form without issue if there are no fields which HubSpot thinks are sensitive)
1. So we actually do support sensitive data fields via our APIs. You can find more info on sensitive data API functionality here: https://developers.hubspot.com/docs/api/sensitive-data. I suppose you might have a specific use case that isn't supported, but if any of the functionality outlined in that article doesn't work on your end, I would suggest taking this up with our support team.
2. Also in this case, we do support using sensitive data with non-HubSpot forms as noted in the KBA here. We also support using the form submissions authenticated API. So I'm not sure why this wouldn't be working on your end, unless you may have a specific use case.
Regardless, please take this up with our support team or reach out to your CSM as we would love to get a better understanding of your use case and how we can help.