Privacy & Security
At Zoho Inventory, we take the privacy of your organization very seriously. We have made the the following feature enhancements that will help you keep your data secure and stay GDPR compliant.
Permissions to Access PII
In Zoho Inventory, you can grant or revoke a user’s access to sensitive data. This way, the users who do not have access to PII won’t be able to create, export or view any of the PII sensitive data in your organization. To provide access to PII to a user in your organization:
- Go to Settings >> Users & Roles.
- Click the + New Role button.
- Enter a name for the role.
- Under the Settings section, check the Permission to Access Personally Identifiable Information option.
Pro Tip: If you don’t want this role to have access to PII, then uncheck this option.
- Click Save and assign this role to a user.
Insight: Users with Admin role will by default have access to PII in your organization.
Creating a PII Sensitive Custom Field
Custom Fields in Zoho Inventory allows you to add data against fields created by you. From now on, when you create a new custom field, you can choose to encrypt and save the Personally Identifiable Information (PII).
- Go to Settings >> Preferences.
- Go to the module for which you would like to create a new custom field.
- Open the Custom Fields tab and click the + New Custom Field button.
Enter the Label Name and select the Data Type.
Choose how you want to store this data based on its sensitivity under ‘Is this PII?’. The following are the available options:
- Select ‘Yes, it’s PII. Encrypt and store it.’, if it’s a highly sensitive information such as customer’s social security number. Only the users for whom you have given access to PII will be able to view it. Also, you cannot perform an advanced search with this field.
- Select ‘Yes it’s PII but not sensitive. Store it without encryption.”, if it’s an information about your customer that is publicly available such as their name on social media or business address. Only the users for whom you have given access to PII will be able to view it. However, you will be able to perform advanced search on it.
- Select ‘No, it’s not PII.’, if the data does not directly identify an individual. It could be person’s car brand, favorite food, etc. This data can be viewed by all users in your organization.
Insight: Marking PII type option in custom fields is available only for the following data types: Text, Email, URL, Date, Phone.
- Click Save.