Download free DLP for AI whitepaper


  • Sensitive data is spiraling out of control in many ticketing systems.
  • Customers accidentally share sensitive information and companies lack the tools to redact it.
  • To avoid compliance fines under PCI DSS, CCPA and more, organizations need a proactive approach to securing sensitive data in help desk apps.

Customer service teams are often the first point of call for your customers. Armed with tools like Zendesk, Salesforce, HubSpot, OneDrive, Kustomer, and more, they’re on the front lines, tackling order disputes, service issues, inquiries, and account updates.

Beyond that, they also play a vital role in upholding cybersecurity. While they’re certainly not expected to find zero-day vulnerabilities or respond to threat alerts, they do interact with a wealth of sensitive customer information, and it is imperative they are good stewards of this data. 

The importance of customer trust 

In today’s hyper connected world, customer trust is easier lost than won. Research shows that many customers would cut ties with a brand after just one bad customer service experience. At the same time, consumers are becoming more wary of companies with poor security track records, preferring to take their business to brands that take cybersecurity seriously. 

But, in the world of customer service, this can lead to some issues. Afterall, every help desk interaction involves sharing information, from basic details like addresses and emails to sensitive data like credit card numbers. Help desk ticketing systems play a key role in organizing these interactions, but they also hold a wealth of information that needs safeguarding.

Companies are realizing the importance of managing this aspect of their business, aiming to prevent sensitive data from getting out of control within their ticketing systems. After all, once customers entrust their information to a company, data privacy laws mandate they protect it – even in instances where the data was voluntarily shared over tools like Zendesk. It’s a must to maintain customer privacy and security while providing top-notch service.

The challenges of data security in today’s environment

Regrettably, ensuring the protection of customer data against unintended exposure has become increasingly challenging. The array of communication channels accessible to present-day customers surpasses what was available a mere decade ago. Depending on the technologies adopted, companies can engage with customers via live chat, social media, email, phone, SMS text messaging, and various direct messaging platforms.

Certain customer communication systems enable seamless conversation transfers across different channels while maintaining a comprehensive record of interactions. Conversely, representatives might need to access extensive customer information to effectively address issues.

All of this means that the opportunities for accidental data exposure – both by customers and customer service agents – have multiplied. Far beyond being an inconvenience, these incidents put companies at odds with compliance regulations like PCI DSS, the CCPA, GDPR and HIPAA, and the hefty fines that come with them. 

Four tips to reduce customer data exposure risks

To avoid compliance fines, maintain customer trust and prevent data breaches, organizations need to take a proactive approach to protecting sensitive information in customer experience platforms. 

Here’s how to do it. 

1. Use the power of nudge theory on your customers…

Managing the information customers provide can be a challenge. Often, customers seek assistance through support channels to resolve issues, inadvertently sharing private or sensitive information that shouldn’t be retained in support tickets. A straightforward solution is to display a nudge or reminder to customers as part of their experience, advising them not to include or upload sensitive data when submitting requests.

You can also integrate reminders into predefined responses from your support team. This approach prevents sensitive information from entering your database. The most effective defense against safeguarding such data is not storing it in the first place. However, this can be challenging as it’s impossible to completely eliminate human errors. 

2. … & your employees

In the fast-paced world of customer service, where turnover rates can be high and resources limited, providing consistent data privacy and cybersecurity training can be a challenge. Relying solely on an annual cybersecurity basics course falls short, especially for bustling customer service teams interacting with a diverse range of customers across various channels. What’s needed is frequent, engaging, and relevant training that instills risk awareness, going beyond the exhaustive list of attack methods.

This is where nudge theory comes into play once again. For example, Polymer data loss prevention (DLP) is a cloud security tool that protects your data in customer service apps like Zendesk, while nudging your users towards better security decisions. 

It accomplishes this by providing friendly security nudges that guide employees toward adopting a security-savvy mindset. Rather than being restrictive or creating friction, Polymer DLP equips your team with the insights they need to consistently make the best security decisions, every single time.

3. Enhance your approach to redaction

While Zendesk’s Automatic Redaction tool offers some level of protection against accidental data exposure, it’s important to note that it isn’t infallible. Additionally, even though Zendesk’s credit card number field adheres to PCI compliance, the redaction tool itself does not.

While the tool does provide a partial solution, it’s not comprehensive enough to fully reassure organizations about secure data storage. Considering that PCI compliance fines can range anywhere from $5,000 to $100,000 per month based on the extent of non-compliance, additional data protection measures are crucial.

This is where we step in. With Polymer DLP, we go beyond the basics. Our solution autonomously oversees and secures sensitive data, encompassing PII, PHI, and HIPAA, within platforms like Zendesk. Leveraging cloud-based machine learning, Polymer actively identifies sensitive data during transmission and encrypts it, ensuring that unauthorized accounts never gain access to protected information–even a customer accidentally shares it. 

4. Audit your platform for exposed data 

Chances are, sensitive customer information has already made its way into your databases. To meet compliance obligations, you need to find and classify it—remediating any issues quickly. However, this process can be challenging, often leaving you unsure of the specific information needing correction.

You have two main options: manually examine each ticket or employ a data classification and protection tool like Polymer DLP, which employs natural language processing to investigate your tickets autonomously and swiftly, reducing your company’s risk of data leaks in just minutes.

Next steps 

Ready to elevate your customer experience and supercharge trust in your brand? Request a demo of Polymer DLP today.

Polymer is a human-centric data loss prevention (DLP) platform that holistically reduces the risk of data exposure in your SaaS apps and AI tools. In addition to automatically detecting and remediating violations, Polymer coaches your employees to become better data stewards. Try Polymer for free.


Get Polymer blog posts delivered to your inbox.