src/privacy/hipaa-eligible-segment.md
7 additions & 10 deletions
@@ -40,10 +40,7 @@ Segment can encrypt PHI/PII before sending it to event stream, cloud mode destin
40
40
Segment encrypts the data in fields [marked as yellow in the Privacy Portal](/docs/privacy/portal/#default-pii-matchers) with a public/private key pair. After Segment encrypts the data, it is converted into a `string`. Any downstream validation that looks for `integer` data types will fail for encrypted values.
41
41
42
42
> info "Data encryption is currently in public beta"
43
-
> This means that the data encryption features are in active development and some functionality may change before it becomes generally available. [Contact Segment](https://segment.com/help/contact/){:target="_blank"} with any feedback or questions.
44
-
>
45
-
> During the public beta, data encryption supports event-stream, cloud-mode destinations. Engage destinations are not supported. Only data fields in `context`, `traits`, and `property` objects can be encrypted.
46
-
43
+
> Data encryption supports event-stream, cloud-mode destinations. Engage destinations are not supported. Only data fields in `context`, `traits`, and `property` objects can be encrypted. =
47
44
48
45
### Configure data encryption for a new destination
49
46
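Review bot: The added callout line ends with a stray " =" after "can be encrypted.", which will show up in the rendered page and should be deleted. The unchanged title line above it still reads `> info "Data encryption is currently in public beta"`, while the body no longer mentions the beta at all, so the callout now contradicts itself; either retitle it (for example to a plain "Supported destinations and fields" heading) or keep a sentence stating the beta status.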
@@ -54,7 +51,7 @@ To configure data encryption while setting up a new destination:
54
51
4. On the Select data source page, select the source you want to connect to your destination and click **Next**.
55
52
5. On the Setup page, give your destination a name, fill in any optional settings, and select the **Have Segment encrypt sensitive data** checkbox.
56
53
6. Open the **Fields** dropdown, select one or more fields you'd like to encrypt and click the **Generate Encryption Keys** button. <br> *If you don't see all of the fields that you want to encrypt, [change the classification of your missing data fields](/docs/privacy/portal/#change-a-recommended-classification) in the Privacy Portal*.<br>
57
-
7.Copy the Private Key to a secure location - **once you finish setting up the destination, this key cannot be retrieved**.
54
+
7.Securely store your private key - **once you finish setting up the destination, this key cannot be retrieved**.
58
55
8. Click **Create destination**.
59
56
60
57
> error "Private Key is not recoverable"
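Review bot: The rewritten step 7 drops the concrete action ("Copy the Private Key") in favour of "Securely store your private key", so a reader no longer learns that the key must be copied out of this screen before clicking **Create destination**. Since the same line says the key cannot be retrieved afterwards, I would keep the verb and add the storage guidance, e.g. "Copy the private key and store it in a secure location". The item also still reads "7.Securely" with no space after the period, which Markdown will not parse as list item 7; add the space while this line is being touched.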
@@ -67,27 +64,27 @@ To configure data encryption for an existing destination:
67
64
2. Select a destination, and click the **Data Encryption** tab.
68
65
3. On the Data Encryption page, select the **Have Segment encrypt sensitive data** checkbox.
69
66
4. Open the **Fields** dropdown, select one or more fields you'd like to encrypt and click the **Generate Encryption Keys** button. <br> *If you don't see all of the fields that you want to encrypt, [change the classification of your missing data fields](/docs/privacy/portal/#change-a-recommended-classification) in the Privacy Portal*.<br>
70
-
5.Copy the Private Key to a secure location - **once you finish configuring data encryption, this key cannot be retrieved**.
67
+
5.Securely store your private key - **once you finish configuring data encryption, this key cannot be retrieved**.
71
68
6. Click **Save**.
72
69
73
70
> error "Private Key is not recoverable"
74
-
> Segment does not save the private key created during the data encryption setup, and cannot retrieve the key after you add data encryption to your destination. Segment cannot decrypt data if this key is lost. You can generate a new key without decrypting your data using the instructions in the [Configure new key pairs](#configure-new-key-pairs) section.
71
+
> Segment does not save the private key created during the data encryption setup, and cannot retrieve the key after you add data encryption to your destination. Segment cannot decrypt data if this key is lost. You can generate a new key any time using the instructions in the [Configure new key pairs](#configure-new-key-pairs) section. All updates are forward looking
75
72
76
73
77
74
### Configure new key pairs
78
75
79
-
If you lose access to your initial private key, you can generate a new key pair in your destination's Data Encryption tab. Any data previously encrypted using the previous key pair will remain encrypted.
76
+
If you lose access to your private key, you can generate a new key pair in your destination's Data Encryption tab. Any data previously encrypted using the previous key pair is unaffected.
80
77
81
78
To generate a new key pair:
82
79
1. Open the [My destinations page](https://app.segment.com/goto-my-workspace/destinations){:target="_blank”} in the Segment app.
83
80
2. Select the destination you'd like to create new keys for and click **Settings**.
84
81
3. Click **Regenerate Encryption Keys**.
85
-
4.Copy the Private Key to a secure location - **once you close the dialog box, this key cannot be retrieved**.
82
+
4.Securely store your private key - **once you close the dialog box, this key cannot be retrieved**.
86
83
5. Click **Save Changes** to update the key pair.
87
84
88
85
### Remove encryption
89
86
90
-
Disabling the data encryption setting removes encryption on all data that comes into a destination after the setting was disabled. Disabling data encryption does not decrypt any data that was previously encrypted.
87
+
Disabling the data encryption setting removes encryption on all data that comes into a destination after the setting was disabled.
91
88
92
89
To remove encryption from incoming data:
93
90
1. Open the [My destinations page](https://app.segment.com/goto-my-workspace/destinations){:target="_blank”} in the Segment app.
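Review bot: Across this hunk the three statements about what happens to already-encrypted data were removed or softened ("without decrypting your data" is gone, "will remain encrypted" became "is unaffected", and "Disabling data encryption does not decrypt any data that was previously encrypted" was deleted), and the replacement "All updates are forward looking" in the error callout is vague and is missing its final period. Combined with the unchanged sentence "Segment cannot decrypt data if this key is lost", the reader needs it stated plainly that a new key pair, or disabling encryption, applies only to data received afterwards and that data encrypted under the previous key can still only be decrypted with the previous private key; I would restore one explicit sentence to that effect in the callout and in "Remove encryption". Smaller points: "5.Securely" and "4.Securely" need a space after the period to render as list items, and the two context lines with `{:target="_blank”}` end in a curly quote that is worth fixing in a follow-up.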