Qualtrics Platform
Customer Journey Optimizer
XM Discover
Qualtrics Social Connect

Sensitive Data Policy

Attention: Sensitive Data Policy is also known as the Expert Review – Compliance Assist tool. It is not included with standard ExpertReview purchases. Please contact your Account Executive or XM Success Manager if you are interested in gaining access.

About Sensitive Data Policy

The Sensitive Data Policy tab contains ExpertReview – Compliance Assist, a powerful tool that helps you regulate the private personal information collected by your Qualtrics organization. Many organizations have strict rules about the kind of data they can collect from participants, and this administrative tool can help you flag questions and data that may violate your organization’s standard for respondent data privacy.

With ExpertReview – Compliance Assist, you can:

Determine what topics will be flagged as sensitive data, using pre-built topics or your own customizable ones.
Alert survey builders when they are asking for sensitive information.
Warn respondents before they try to submit sensitive information.
Redact sensitive information so the users in your brand never see it.

Sensitive data policy settings are not retroactive. Only responses collected after these settings have been saved will be flagged or redacted accordingly.

Qtip: This is a feature only available to Brand Administrators. Division Administrators do not have access to this feature.

Attention: The Sensitive Data Policy is not compatible with video feedback. Therefore, the Sensitive Data Policy will not be applied to Imported Video and Audio Projects or Unmoderated User Testing Questions. However, data collected through these features will have personally identifiable information redacted per AWS’s redaction rules.

Qtip: Sensitive data policies can censor or remove information collected from survey questions, but do not affect respondent metadata, like location data. For that, try Anonymizing Responses. If you’d like to learn more about minimizing personal data collection in Qualtrics, see this guide.

Setting Up a Sensitive Data Policy

You can have multiple sensitive data policies per brand. All Brand Administrators can access and edit the brand’s sensitive data policies.

Go to the Admin page.
Select the Data Privacy tab.
Go to the Sensitive Data Policy section.
Click Add Topics.
Choose between the following:
- Qualtrics topics: Choose from a library of pre-made topics. Use the search or dropdowns to select topics for use. Different identification numbers such as Social Security will be separated by country rather than industry. See Built-In Topics for more details.
- New topic: Add a single custom topic. See Custom Topics for help with file formatting and Adding a Single Custom Topic for how to upload that file once ready.
- Import topics file: Import multiple topics at a time. Be sure to check the Qualtrics topics before using this option to upload topics that may already be commonly used. See Custom Topics for help with file formatting and Importing Multiple Custom Topics for how to upload that file once ready.
Save your changes.
Qtip: You can edit or remove these topics in the future.
Once your topics are created, don’t forget to go to Settings. There, you will determine whether to flag survey creators when they are making questions that may request sensitive data, or to flag survey takers when they try to provide sensitive information about themselves. Here you can also configure redaction.

Qtip: See Flag Survey Questions that Ask for Sensitive Information and Flag Survey Responses that Provide Sensitive Information for more details.
Also be sure to check out Exemptions. This is where you will identify if any surveys should be exempt from the sensitive data policy.

Qtip: Exemptions can be for the whole sensitive data policy, or for a specific policy. E.g., maybe there’s a survey allowed to collect phone numbers and no other identifying information. To set an exemption for a specific topic, click the topic name, then set the exemption to the right.

Flag Survey Questions that Ask for Sensitive Information

Qtip: These options are found by clicking Settings in the upper-right.

You will be able to warn survey creators that the questions they’ve created violate your company’s sensitive data policy. Enable Flag survey questions that ask for sensitive information.

Once this is enabled, you can click Include a custom warning message to write what users will see on the question that violates that policy.

What survey creators see

When a survey creator requests sensitive data, the question will be marked the same way questions that violate other ExpertReview recommendations are, with an orange iQ icon.

When the user clicks on the iQ icon, they will learn what phrases they used that triggered the warning. Here, the warning that the admin created will be displayed.

Qtip: This feature will not prevent the user from creating the question or publishing the survey – merely let them know they may violating brand policy. The specific topic issues will be flagged, e.g., identifying Social Security Numbers as opposed to just a vague privacy policy violation.

Flag Survey Responses that Provide Sensitive Information

Qtip: These options are found by clicking Settings in the upper-right.

You can flag responses so that survey takers are warned when they try to provide sensitive information. you can also make it so that if they disregard this warning, the survey creator can then report on the sensitive data they’ve collected.

Select Flag survey responses that provide sensitive information to allow survey builders to report on violations. These are listed by topic, not exact sensitive data provided (e.g., USA Phone Number, not 555-555-5555).

Enabling Warn survey respondents when they provide sensitive information created a message in the survey when respondents try to submit sensitive content.

If you select Redact sensitive information from survey responses, the information that violates the policy is completely deleted. The rest of the response will be fine, but the flagged and redacted information itself will be removed and irretrievable. Survey builders will still be able to report on violations, but these violations will be listed by topic, not specific violation.

Warn survey respondents they’ve provided sensitive information

This is what it looks like when a respondent tries to provide sensitive information. The appearance of the survey and questions asked will vary based on what you’ve built, but the window will display the number of questions affected and let respondents review their answers.

The respondent will be asked whether they want to change what they wrote (Review Answers) or keep going in the survey (Continue Without Reviewing).

Redacting sensitive information

When information is redacted, it is replaced with a series of asterisks ( * ) so that the survey builders cannot use any sensitive information the respondent has provided.

Turning this option off in the Sensitive Data Policy will not restore the redacted data. All redacted data is deleted permanently.

Qtip: This option redacts all sensitive data, regardless of topic. To narrow down what topics are redacted, see Global vs. Topic Redaction.

Global vs. Topic Redaction

When information is redacted, it is replaced with a series of asterisks so that the survey builders cannot use any sensitive information the respondent has provided.

Sometimes, you want to redact information provided pertaining to some topics, but not others. For example, while you may definitely redact any Social Security Numbers respondents try to enter into a survey, you may want phone numbers and email addresses to be left alone, so you can follow up with respondents if needed.

Global redaction can be enabled under the Settings using the Redact sensitive information from survey responses option. This redacts all flagged data, regardless of topic.

To redact information from one topic at a time:

Click on the name of the topic you want to edit.
Expand the Policy Settings.
Select Override Global Policy Settings.
Select Redact sensitive information pertaining to this topic from survey responses.
Click Save.

Attention: By enabling this option, you will be deleting all data that qualifies for redaction here on out. Turning this option off will not restore any data deleted by redaction. Once data is redacted, it is deleted permanently.

Reporting on Data Policy Violations in Responses

Responses can be flagged based on the privacy policies they violate. Survey builders can report on policies violated by using the Q_DataPolicyViolations field.

The topics tagged in a survey response may not correspond to the topics violated when building the survey. For example, consider a policy that flags USA phone numbers. A survey builder may ask for phone numbers, but if no respondent provides this information, no responses will be flagged. In contrast, if you have a general feedback question where a customer provides a phone number unprompted, this response will be flagged.

Qtip: If you want to view or report on Data Policy Violations, the field is readily available in your Data & Analysis and Reports tabs. However, to base survey logic (such as Branch Logic or Display Logic) you must first add Q_DataPolicyViolations as Embedded Data to your Survey Flow.

Qtip: When making edits to the survey, don’t forget to Publish!

Attention: Imported Responses will be excluded from redaction.

Built-In Topics

While they are not guaranteed to be defined perfectly, Built-In Topics are a great way to get started on your sensitive data policy. They provide heavily researched options with large keyword dictionaries and carefully defined regex.

Once you have finished setting up for the first time, you can select more built-in topics later by clicking Add Topics and selecting Qualtrics topics.

On this window, use the dropdowns or the search bar to find your desired topics. Identification and other registration numbers can be found under their country of origin. (E.g., UK Insurance number is under its respective country instead of an industry.)

If you want to remove every topic listed, click Remove all above the list of selected topics.

Custom Topics

Sometimes, you may want to flag topics that are unique to your organization, such as employee ID, or use topics that Qualtrics hasn’t even thought of yet. Thankfully, you can import your own custom topics.

When using a JSON file, the topics you import are always added as new topics, not added onto existing, similar ones. For example, if you manually selected Social Security as a topic and then imported a JSON file with a topic called Social Security that had additional key words, you would have two Social Security topics in your Compliance Assist. This does not hurt the tool’s ability to check your brand for privacy violations in any way.

Export a JSON file of your topics by clicking Export at the top of the topics window. You can use this file to import your topics into another brand, or to make edits to the JSON file and add new custom topics.

Removing Topics

Go to the Actions dropdown to the far-right of the topic and click the trash can icon to remove a topic. This can be done for both custom and pre-built ones.

Qtip: If you want to remove every topic listed, click Remove all above the list of selected topics when you click Qualtrics topics.

Surveys Exempt from Sensitive Data Policies

There may be times when you need to mark surveys exempt from sensitive data policy violations. For example, if you have a workflow where you need to get back in touch with customers who wrote in upset, you probably need to collect some form of contact information, even if you generally forbid other surveys in the brand from doing so.

Marking Surveys Exempt

Click Bulk exemptions.
Click Add survey.
Search a survey by name. You can only select one survey at a time. Do not search by survey ID.
Select one of the following options:
- Survey is exempted from all current and future Sensitive Data Policy topics
- Survey is exempt only from the selected Sensitive Data Policy topics
  Qtip: You can select multiple topics. Click the trash can to remove a topic from the list of topics the survey is exempt from.
Click Save.

Qtip: Exemptions can be for the whole sensitive data policy, or for a specific policy. E.g., maybe there’s a survey allowed to collect phone numbers and no other identifying information. To set an exemption for a specific topic, click the topic name, then set the exemption to the right.

Managing Exemptions

Once you’ve marked surveys exempt from the sensitive data policy, they’ll appear on the Exemptions page.

Click the blue topics text to change the topics the survey is exempt from.

Click the trashcan to remove the exemption.

Topic Exemptions

By default, sensitive data policy topics apply to all questions and surveys. However, you can create exemptions for topics. You can exempt an entire survey or a question from a survey.

Click on the topic you’d like to add exemptions for.
To add exemptions for a specific survey, go to Survey Level.
Begin typing in the box to select a survey to apply the exemption to.
To add exemptions for a specific survey question, go to Question Level.
Click Add questions.
Begin typing to search for the survey that contains the questions you’d like to create exemptions for.
Click Continue.
Choose the questions you’d like to add the exemption to.
Click Apply.

Applying Sensitive Data Policies to Certain Surveys

By default, sensitive data policies will apply to all surveys in your organization, barring any exemptions you’ve created. However, you can change the behavior of an individual sensitive data policy so that surveys must be explicitly opted-in to the policy for it to take effect.