Protection of Personally Identifiable Information in Workforce Intelligence
Personally Identifiable Information (PII) includes any information that relates to an identified or identifiable natural person. An identifiable person is one who can be identified, directly or indirectly. This includes any information that can be used to distinguish one person from another or identify who the data represents. This article describes the data collected by Pega Workforce Intelligence™ that relates to PII.
Workforce Intelligence captures data that is considered PII about the employees who use the service. No data is collected on a company’s consumers or customers.
Workforce Intelligence captures, transmits, and stores Windows events that describe how applications are used on an employee desktop. Information about what applications and websites are accessed, as well as employee desktop activities, such as the number of keystrokes entered, windows resizing, and cut/copy/paste activities, are collected for analysis. Limited information about the employee doing the work is also collected for analysis and aggregation purposes. Workforce Intelligence uses this data to provide insights and guidance to supervisors and business analysts.
Based on a customer’s configuration, there is a restricted set of information that can be considered PII or can contain PII information embedded within a collected value. The data that is collected and stored within Workforce Intelligence that is considered PII comprises the following:
- Network ID
- Employee name
- Email address
- Machine name
- MAC address
- Executable file name
- Web domain
You can anonymize the employee name and you can implement rules to filter out metadata values. For an additional layer of analysis, you can enable screen title collection for application/domains. Depending on the structure of your application, this information might contain additional PII about your agents or consumers in the screen title.
To avoid these issues, information such as credit card and social security numbers are automatically removed by using preconfigured rules. If needed, you can add custom rules to remove data that your application provides in the title of the screen or application.
The set of data that might be considered PII or might have PII information embedded within a value is restricted. The following table lists the fields where this might occur.
|Type of data||Field name||Required?||Additional information|
|Employee||First/Last Name||Optional||The name of the employee.|
|Employee||User-email address||Optional||The user’s email address.|
|Employee||Machine Name||You can mask this data.|
|Employee||Mac Address||You can mask this data.|
|Application *||Screen Title (Windows)||Optional||No data within the screen is collected, only the title. You can mask this data.|
|Application *||Screen Title from HTML page (websites)||Optional||No data within the screen is collected, only the title. You can mask this data.|
|Application *||URL Path (websites)||Optional||Contains the URL path for the website, excluding the domain. You can mask this data.|
* You control whether data is collected for each application or website. In addition, you can mask the captured values by using regex before the data is sent to the cloud.