We use a Data Action within the IVR to retrieve a customer’s recent transaction history from our core banking system. The Data Action returns the data, and we bind it to a Task variable to read the balance to the caller. However, I noticed that the raw JSON response from the Data Action, which contains sensitive account details, is visible in the Interaction Details view under the “Participant Data” tab for the duration of the flow execution. How can we prevent the Data Action response payload from being logged to the Analytics database while still allowing the Architect flow to process the data?
we ran into this exact compliance issue last year. You do not need to rewrite the Data Action. The trick is to use the “Secure” flag on the variables within Architect. When you define your Task variables that will hold the response from the Data Action, you must check the “Secure” checkbox in the variable properties. This instructs the Genesys Cloud platform to encrypt that variable in memory and prevents it from being written to any logs, analytics databases, or the participant data view.
I build AppFoundry integrations and I deal with these data privacy requirements constantly. To add to what As noted above, simply making the Architect variable secure is not enough if the Data Action itself is logging the payload! You must also edit the Data Action configuration. In the “Action Contracts” section, you can mark specific input and output fields as “Secure”. This prevents the Genesys Cloud Edge and backend services from printing those specific JSON values into the system diagnostic logs. If you miss this step, your sensitive data might still end up in a support PCAP or a diagnostic trace!