Safe customer notifications in Jira Service Management for compliance and privacy needs

Announcing safe customer notifications in Jira Service Management as a building block for compliance and privacy needs

At Atlassian, we understand the increasing need to be assured that your data is not only secure but that it’s also being used in a manner that's compliant with laws and regulations. We are constantly working to expand coverage to help organizations meet compliance needs and move to the cloud in a safe and secure manner. Learn more about Atlassian’s compliance program

Today we are happy to announce ‘Safe customer notifications’ in Jira Service Management to help you meet your organization’s compliance needs and protect your and your customers' data managed in your service projects. When you enable or disable a setting, it will impact all your Jira Service Management projects on the site. Please note that ‘Safe customer notifications’ is specific to Jira Service Management generated notifications and not including Automation for Jira notifications.

You must be a site admin to manage the compliance settings. To access the compliance settings:

  1. Go to Settings ⚙️ > Products.

  2. From the sidebar under Jira Service Management, select Compliance settings.

Learn about how to use compliance settings in Jira Service Management to meet your company’s compliance needs

You’ll also need to disable any automation rules that trigger an email notification. Learn how to configure your Atlassian account to meet HIPAA requirements

Protect sensitive data in customer notifications

Enabling safe notifications will hide potentially sensitive information from email notifications. Once enabled, the data including ‘Issue summary’, ‘Issue description’, ‘Comment’, and ‘Attachment’ will be hidden from the corresponding notification emails that your customers will receive. This also means safe notifications will not have attachments in them and your customers will need to log in to the portal to view the entire information available on the request. Learn more about customer notifications

We are currently working on meeting HIPAA compliance for Jira Service Management Cloud and would love your feedback if this feature is relevant to your organisation. We recommend enabling this setting if your organization needs to be HIPAA compliant but please ensure you carefully read the implementation guide to learn how to set up your project correctly. Learn more with the HIPAA Implementation guide

Also feel free to reach out to me, I’d love to talk to you more about how you use Jira Service Management and how we can improve customer notifications for your organisation and meet your compliance needs!

15 comments

Jamie Hess May 19, 2022

This "Answer" was cross-posted in the thread about notifications for Confluence and Jira Software/Core. Is the intent to roll this out to those cloud platforms as well?

Michelle Tan
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
May 24, 2022

Hi @Jamie Hess

We're still figuring out what notifications will look like in Jira Software/Confluence - stay tuned! 😊

Metin Savignano May 31, 2022

For Server / Data Center, our app S/Notify Email Encryption for Jira can provide HIPAA conformity through end-to-end encrypted notification emails in Jira including customer emails from and to Jira Service Management. We have customers from the health industry that use our app for exactly that purpose.

I was wondering if Atlassian isn't considering email encryption as a solution to compliance and privacy needs? We would love to provide a Cloud solution once Atlassian provides an API to apps to allow processing the emails.

See also JSDCLOUD-8850 where a customer has created a feature request for this.

This solution does not require to reduce the contents of the email, and also works well for Confluence.

Like Troy Anderson likes this
Mihai Nitu June 16, 2022

Hi @Michelle Tan

This is a great feature. 
For now, it is possible to enable/disable it at the instance level.
Is there any chance that at some point in the future it will be configurable at the project/service desk level?
I mean, in the same instance, allowing some projects to use Safe Notifications, while others would use the Standard Notifications.

Kind Regards,
Mihai Nitu

Like # people like this
Kalin U
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
June 16, 2022

@Mihai Nitu , great suggestion indeed!

Christof Hurst June 16, 2022

Sorry, I don't really understand the results of activating this feature. What exactly is hidden? How is data marked confidential? Is it all the field data? The description? The summary?

Jamie A. Carpenter June 22, 2022

Hello, has this been fully rolled out yet? Our last bundled release was 6/14-6/16, but I still don't see the Compliance Settings under JSM menu in Settings --> Products. I'm site & org admin. 

Michelle Tan
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
June 27, 2022

Hi all,

Apologies I haven't been able to reply sooner - I've been away sick so I appreciate your patience 🙂

@Metin Savignano We haven't considered this yet as there's quite a lot on our backlog at the moment for improving how we meet compliance and regulatory standards. We'll update you if anything changes for the upcoming year. 🙂

@Mihai Nitu @Kalin U Have your organisations begun using safe notifications? If so, could we please get in contact - I'd love to hear your thoughts on this feature!

@Christof Hurst By turning on safe notifications, this will hide data including ‘Issue summary’, ‘Issue description’, ‘Comment’, and 'Attachment” from the corresponding notification emails that your customers will receive.

@Jamie A. Carpenter Yes this feature has been fully rolled out, are you using Release tracks? Because the feature will available depending on your track options. 🙂

If anyone else has tried out safe notifications and would like to provide feedback on this feature, please let me know - we'd love to hear your thoughts!

Cheers,

Michelle

Jamie A. Carpenter June 28, 2022

Thank you Michelle, that's my misunderstanding then - I thought since the feature was announced in May it'd be released in my June bundled track, but I see it's slated for our next July bundled release :-) Thanks for the reply!

Like Michelle Tan likes this
Mihai Nitu June 29, 2022

Hi Michelle,

 

I tried this feature in a test instance and it looks promising. 

We cannot use it organization-wide, because not all our customers would prefer this approach.

That's why I asked about the possibility to have finer granularity in the future (i.e. enabling/disabling this feature at the Project/ServiceDesk level).

We have a similar setup in a server version of Jira, but there we had the possibility to modify the email templates (directly on the server) and we were "enabling" it only for specific projects or specific Security Levels.

But as you already know very well, the server versions are "fading out", since their support and development will be stopped by February 2024...

Kind Regards,
Mihai

Like Michelle Tan likes this
Michelle Tan
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
July 14, 2022

Hi @Mihai Nitu ,

Apologies for the delay in reply, it's been a very busy few weeks with the EOFY. 🙂 Thanks a lot for your feedback, having this detail will help us evolve and iterate on our approach with this feature.

I have a few more questions and would love to jump on a call with you and discuss more about this feature if you have the time. 🙂 My email is mtan2 at atlassian dot com, if you could get in touch with me that would be fantastic!

Warm regards,

Michelle

Sara Tucker May 1, 2023

Any updates on this related to being able to have the HIPAA Implementation guide updated to enable outbound emails? 

Ela Bryniarska May 25, 2023

hello @Michelle Tan ,

Is there a way of getting all details masked by the compliance setting except the subject line/title of the ticket? We switched it on and at the end needed to remove the setting due to the customers' complaints as they were unable to see the title, only the number of the tickets and they all stated that it made their work much more difficult. They appreciated the fact that no details were visible in the comments and they were happy to go to the portal to see this content and the attachments but invisible subject line was a NO for all of them.

Thanks

Erich Heerdt June 30, 2023

How do I set my internal team to not get the data censored as the [.....]?

We need this activated for 3rd party emails but at the moment my ITSM site is just being used by internal employees who are very confused why they cannot see comments, ticket summaries, etc in their email notifications.

Chris Payne October 11, 2023

I'm not sure what happened, but after enabling HIPAA compliance all my emails are now void of details. I originally turned on safe notifications and realized the emails were too bare to be useful, so I disabled safe notifications and yet the emails are still blank. I can't see comments, ticket types, etc, which all sounds like the safe notifications feature. But that feature is turned off. How can I get my emails back? What am I missing? This goes for JSM and Jira notifications.

Comment

Log in or Sign up to comment
TAGS
AUG Leaders

Atlassian Community Events