Safe customer notifications in Jira Service Management for compliance and privacy needs

This "Answer" was cross-posted in the thread about notifications for Confluence and Jira Software/Core. Is the intent to roll this out to those cloud platforms as well?

Hi @Jamie Hess

We're still figuring out what notifications will look like in Jira Software/Confluence - stay tuned! 😊

For Server / Data Center, our app S/Notify Email Encryption for Jira can provide HIPAA conformity through end-to-end encrypted notification emails in Jira including customer emails from and to Jira Service Management. We have customers from the health industry that use our app for exactly that purpose.

I was wondering if Atlassian isn't considering email encryption as a solution to compliance and privacy needs? We would love to provide a Cloud solution once Atlassian provides an API to apps to allow processing the emails.

See also JSDCLOUD-8850 where a customer has created a feature request for this.

This solution does not require to reduce the contents of the email, and also works well for Confluence.

Hi @Michelle Tan, 

This is a great feature. 
For now, it is possible to enable/disable it at the instance level.
Is there any chance that at some point in the future it will be configurable at the project/service desk level?
I mean, in the same instance, allowing some projects to use Safe Notifications, while others would use the Standard Notifications.

Kind Regards,
Mihai Nitu

@Mihai Nitu , great suggestion indeed!

Sorry, I don't really understand the results of activating this feature. What exactly is hidden? How is data marked confidential? Is it all the field data? The description? The summary?

Hello, has this been fully rolled out yet? Our last bundled release was 6/14-6/16, but I still don't see the Compliance Settings under JSM menu in Settings --> Products. I'm site & org admin. 

Hi all,

Apologies I haven't been able to reply sooner - I've been away sick so I appreciate your patience 🙂

@Metin Savignano We haven't considered this yet as there's quite a lot on our backlog at the moment for improving how we meet compliance and regulatory standards. We'll update you if anything changes for the upcoming year. 🙂

@Mihai Nitu @Kalin U Have your organisations begun using safe notifications? If so, could we please get in contact - I'd love to hear your thoughts on this feature!

@Christof Hurst By turning on safe notifications, this will hide data including ‘Issue summary’, ‘Issue description’, ‘Comment’, and 'Attachment” from the corresponding notification emails that your customers will receive.

@Jamie A. Carpenter Yes this feature has been fully rolled out, are you using Release tracks? Because the feature will available depending on your track options. 🙂

If anyone else has tried out safe notifications and would like to provide feedback on this feature, please let me know - we'd love to hear your thoughts!

Cheers,

Michelle

Thank you Michelle, that's my misunderstanding then - I thought since the feature was announced in May it'd be released in my June bundled track, but I see it's slated for our next July bundled release :-) Thanks for the reply!

Hi Michelle,

I tried this feature in a test instance and it looks promising. 

We cannot use it organization-wide, because not all our customers would prefer this approach.

That's why I asked about the possibility to have finer granularity in the future (i.e. enabling/disabling this feature at the Project/ServiceDesk level).

We have a similar setup in a server version of Jira, but there we had the possibility to modify the email templates (directly on the server) and we were "enabling" it only for specific projects or specific Security Levels.

But as you already know very well, the server versions are "fading out", since their support and development will be stopped by February 2024...

Kind Regards,
Mihai

Hi @Mihai Nitu ,

Apologies for the delay in reply, it's been a very busy few weeks with the EOFY. 🙂 Thanks a lot for your feedback, having this detail will help us evolve and iterate on our approach with this feature.

I have a few more questions and would love to jump on a call with you and discuss more about this feature if you have the time. 🙂 My email is mtan2 at atlassian dot com, if you could get in touch with me that would be fantastic!

Warm regards,

Michelle

Any updates on this related to being able to have the HIPAA Implementation guide updated to enable outbound emails? 

hello @Michelle Tan ,

Is there a way of getting all details masked by the compliance setting except the subject line/title of the ticket? We switched it on and at the end needed to remove the setting due to the customers' complaints as they were unable to see the title, only the number of the tickets and they all stated that it made their work much more difficult. They appreciated the fact that no details were visible in the comments and they were happy to go to the portal to see this content and the attachments but invisible subject line was a NO for all of them.

Thanks

How do I set my internal team to not get the data censored as the [.....]?

We need this activated for 3rd party emails but at the moment my ITSM site is just being used by internal employees who are very confused why they cannot see comments, ticket summaries, etc in their email notifications.

I'm not sure what happened, but after enabling HIPAA compliance all my emails are now void of details. I originally turned on safe notifications and realized the emails were too bare to be useful, so I disabled safe notifications and yet the emails are still blank. I can't see comments, ticket types, etc, which all sounds like the safe notifications feature. But that feature is turned off. How can I get my emails back? What am I missing? This goes for JSM and Jira notifications.