Data privacy is a key concern for every organisation that manages or processes third party personal data such as end user phone numbers. With GDPR around the corner, data privacy holds more importance today than ever before. In our February Blog about how Plivo is preparing to protect your data - we had talked about Message Redaction as one of the key milestones in this journey. Today we are happy to introduce this in the Plivo Cloud Platform for all use cases that involve receiving SMS messages on Plivo phone numbers.
Incoming Message Content And Source Number Redaction
We’ve introduced an application level flag to control whether message content and source numbers of incoming messages to Plivo phone numbers should be redacted from Plivo debug logs and databases.
When message redaction is enabled for an Application, the following changes take place:
The content of incoming messages to Plivo phone numbers associated with the Application are redacted from all internal Plivo server logs, as well as the debug logs available on the Plivo console.
The last 3 digits of the source number from which the SMS originated are redacted from all internal Plivo server logs, as well as the debug logs available on the Plivo console.
The last 3 digits of the source number from which the SMS originated are redacted from the Message Detail Record (MDR) generated for the message. Fetching MDRs for such messages would return the redacted source numbers.
Note that Message Redaction has been disabled for all your existing Plivo Application by default. Read below to learn how to turn message redaction on for your Application.
Configuring Message Redaction For Plivo Applications
Turning Message Redaction Of/Off From The Plivo Console
You can select the Application from the SMS Applications page, and check the ‘Redact Incoming Messages’ checkbox to enable redaction for incoming messages to phone numbers associated with the application. Turning Message Redaction Of/Off From Using Application API The log_incoming_messages attribute of the Application resource can be used to enable / disable message redaction.
When creating a new Application, set the log_incoming_messages attribute to false in the Create Application API request to enable message redaction. The default value for this attribute is true, which means that message redaction is disabled unless explicitly enabled.
Message Redaction may be enabled/disabled for an Application at any time using the Update Application API.
Impact Of Message Redaction On Payload To Message URL
The feature is designed to offer our customers control over message details that may be logged in Plivo systems for debugging purposes.
If a message_url has been configured, Plivo will attempt to post the non-redacted message content and the non-redacted source number to it.
For enhanced security, we recommend our customers to configure secure HTTPS endpoints for their message URLs.
Our Commitment to Data Protection
As your communications partner, we understand that our compliance with GDPR is critical for your business. We are making all the efforts to ensure your customer data stays safe, while also being mindful about keeping things simple for developers. We will continue to share regular updates about upcoming changes. You can read about how Plivo is preparing to protect your data here. If you have specific questions about our GDPR readiness roadmap, write to us at firstname.lastname@example.org.