Privacy and Security
At Zoho Invoice, we take the privacy of your organisation very seriously. With the data protection laws coming up, the following feature enhancements in Zoho Invoice will help you stay GDPR compliant.
Custom Field Creation
Custom fields in Zoho Invoice allow you to quickly and easily add data against fields created by you. When you create a new custom field, you can choose to encrypt and save sensitive information.
- Click the Gear icon from the top right corner and select Preferences.
- Select the module for which you would like to create a new custom field.
- Enter the Label Name.
- Select how you want to store your data based on its sensitivity under Data Privacy
You can select one of the following options:
- Select PII (Personally Identifiable Information) if the information that you will enter is confidential and can be used to identify a person. You can choose to encrypt and store it if the data is sensitive or store it without encryption if the data is non-sensitive. Choose if the information you enter will be sensitive or not sensitive:
- Sensitive data. Encrypt and store it. This data can be viewed only by Admin users.
- Not sensitive data. Store it without encryption. Only Admin users can view the details. However, other users can use this field to perform advanced searches.
Select ePHI (Electronic Protected Health Information) if the information that you enter is any sensitive medical data that can be used to identify a patient. For example, the medical insurance number of your customer will be ePHI. The data will be considered as sensitive; it will be encrypted and stored. Only Admin users can access this field and other users will not be able to use this field to perform advanced searches.
Select the other settings and click Save.
Restricting Data Export
Since only Admin users will be able to access any custom fields with PII or ePHI, other users will not be able to export any sensitive information. This would include SSN number, bank account number, and any custom fields created and marked as sensitive.
Here’s how Admins can export sensitive data:
- Navigate to the module you would like to export data.
- Click Export from the hamburger icon.
- Select the module you want to export, choose the status of the transaction, and select the file format.
- Enable the option Include Sensitive Personally Identifiable Information (PII) while exporting.
- Click Export.