Scan and redact Sensitive Data in HubSpot

Scan and redact Sensitive Data to identify sensitive information stored in CRM activities such as notes, calls, tasks, emails, and meetings. Super Admins can run scans to detect flagged values and redact them when Sensitive Data is configured in the account. This reduces compliance risk associated with unintentionally stored financial or health data. If Sensitive Data isn't turned on in your account, you can review the scan results.

Before you get started

Before you begin working with this feature, make sure to fully understand what steps should be taken ahead of time, as well as the limitations of the feature and potential consequences of using it. 

Understand requirements

• You must turn on Sensitive Data in the account to redact detected values.
• When you don't configure Sensitive Data, you can still scan and review the results, but the flagged values can't be redacted.

Understand limitations & considerations

• Sensitive Data scans analyze CRM activities from the last 60 days.
• Each account is limited to one scan every 30 days.
• Redaction replaces detected values with placeholder text. 

Scan for Sensitive Data

Scan for Sensitive Data to detect sensitive values in CRM activities from the previous 60 days. Only users with Super Admin permission can run scans.

1. In your HubSpot account, click the settings settings icon in the top navigation bar.
2. In the left sidebar menu, navigate to Security.
3. Click the Sensitive Data tab. 
4. In the Sensitive Data Scan section, click Start scan. If you've done a scan before, click Scan again.
   
   
   
   
5. In the right panel, select the checkboxes next to the types of data you want to scan (e.g., PII or Health information). 
6. In the Exclude keywords from your scan section, enter any keywords you'd like to exclude. Press Enter after each keyword to add it.
7. In the bottom right, click Next. 
8. Review the information and select the checkbox to agree. 
9. Click Start scan. While the scan is running, a Scan in progress banner is displayed in the Sensitive Data Scan section. An email notification is sent when scan results are available.

Review Sensitive Data scan results

Review scan results to examine detected values and determine whether action is required. Only users with Super Admin permission can review results and take action. All actions taken during review are recorded in the account’s audit logs.

1. In your HubSpot account, click the settings settings icon in the top navigation bar.
2. In the left sidebar menu, navigate to Security.
3. Click the Sensitive Data tab. 
4. In the Sensitive Data Scan section, click View results.
5. To filter the results, click the dropdowns at the top. To filter by record name, enter record names in tin the searchIcon search bar.
6. To review an activity, hover over the activity and click View details.
7. In the right panel, click View in CRM to view the full activity details. To view the specific value that was flagged, click Value #. 

Mark values as non-sensitive 

Mark values as non-sensitive to indicate that flagged information doesn’t require redaction. After you mark values as non-sensitive, they remain in the account.

1. In the right panel, select the Mark as non-sensitive checkbox.
2. Click Next.
3. Click Next again.
4. Click Confirm.

Redact values from an account 

If you have Sensitive Data turned on in your account, you can redact values from your account. This will permanently remove values from CRM activities. The original value will be replaced with placeholder text.

1. In the right panel, click Next.
2. Select the checkbox next to the value you want to remove, and click Next.
3. Click Confirm. 

After redaction, the original value is replaced with generic placeholder text, such as REDACTED-ACCOUNT-NUMBER.