Help & Documentation

Learn how to use StructureGram

Entering Sensitive Data

This guide explains how to securely enter and update Tax File Numbers (TFN) and Director Identification Numbers (DIN) for individuals in StructureGram.

Understanding the Input Process

When you enter a TFN or DIN, StructureGram follows a secure process to protect your data:

  1. You enter the full number in a standard form field
  2. The data is encrypted immediately when you save the record
  3. Only the encrypted version is stored in the database
  4. The last 3 digits are saved separately for display purposes
  5. The original number is never stored in plain text

This all happens automatically - you don't need to do anything special except enter the number correctly.

Entering Data in Individual Forms

Creating a New Individual

When creating a new individual with sensitive data:

  1. Navigate to Individuals from the main menu
  2. Click "Add Individual" to open the creation form
  3. Fill in required fields (First Name, Last Name, Sex)
  4. Scroll to the Sensitive Information section
  5. Enter the TFN and/or DIN as needed:
    • TFN: Enter 9 digits (spaces optional, e.g., "123456789" or "123 456 789")
    • DIN: Enter 15 digits (spaces optional, e.g., "123456789012345" or "123 456 789 012 345")
  6. Click "Save" to create the individual

The numbers you entered are immediately encrypted before being stored.

Updating Existing Individuals

To update sensitive data for an existing individual:

  1. Find the individual using search or browse pages
  2. Click to view the individual's details
  3. Click "Edit" to open the editing form
  4. You'll see masked values like "*** *** 789" for existing data
  5. To change a value:
    • Click the lock icon next to the field to reveal the current value
    • The full number displays for 30 seconds
    • Edit the number as needed
    • The new value is encrypted when you save
  6. Click "Save" to update the individual

Input Format and Validation

TFN (Tax File Number)

Format: 9 digits total

  • Can be entered with or without spaces
  • System accepts: 123456789 or 123 456 789
  • Invalid entries (non-numeric, wrong length) will show an error

Examples:

  • 123456789
  • 123 456 789
  • 12-345-6789 (no hyphens allowed)
  • 12345678 (must be 9 digits)

DIN (Director Identification Number)

Format: 15 digits total (5 groups of 3)

  • Can be entered with or without spaces
  • System accepts: 123456789012345 or 123 456 789 012 345
  • Invalid entries (non-numeric, wrong length) will show an error

Examples:

  • 123456789012345
  • 123 456 789 012 345
  • 123-456-789-012-345 (no hyphens allowed)
  • 12345678901234 (must be 15 digits)

What Happens When You Save

When you click "Save" on a form containing TFN or DIN data:

1. Data Transmission (Encrypted)

  • Your data travels over a secure HTTPS connection
  • The connection is encrypted using TLS (the same security used by banks)
  • No one can intercept or read the data in transit

2. Server-Side Encryption

  • The server receives your data over the secure connection
  • The TFN/DIN is immediately encrypted using AES-256-GCM encryption
  • The last 3 digits are extracted and stored separately for UI display
  • The original plain text number is never written to the database

3. Database Storage

  • Only the encrypted version is stored in the database
  • The last 3 digits are stored in plain text (e.g., "789")
  • The encrypted data looks like random characters to anyone viewing the database directly

4. Confirmation

  • You'll see a success message
  • The form closes or updates to show the masked value
  • The individual's record now shows "*** *** 789" instead of the full number

Security Features During Data Entry

Visual Indicators

When working with sensitive fields, you'll see:

  • 🔒 Lock Icon: Indicates the field contains encrypted data
  • Masked Display: Shows "*** *** [last 3 digits]" when viewing
  • Tooltip Information: Hover over the lock icon to learn about encryption
  • Auto-hide Timer: Revealed values automatically hide after 30 seconds

Data Entry Form

<img src="/images/help/sensitive-data-entry.png" alt="Sensitive data entry form showing masked TFN field" />

The form includes:

  • Clear labels for TFN and DIN fields
  • Format hints (e.g., "9 digits" or "15 digits")
  • Lock icons indicating encryption protection
  • Validation to ensure correct format

Common Scenarios

Scenario 1: Entering a New TFN

Task: You need to add a TFN for a new individual.

Steps:

  1. Create or edit the individual
  2. Locate the "Tax File Number (TFN)" field
  3. Type the 9-digit number (with or without spaces)
  4. Complete other required fields
  5. Click "Save"

Result: The TFN is encrypted and stored securely. You'll see "*** *** [last 3 digits]" when viewing the record.

Scenario 2: Updating an Incorrect DIN

Task: You discover an incorrect DIN needs to be corrected.

Steps:

  1. Open the individual's edit form
  2. Find the "Director Identification Number (DIN)" field showing "*** *** *** *** 345"
  3. Click the lock icon to reveal the full current value
  4. Verify the current number and identify the error
  5. Enter the correct 15-digit DIN
  6. Click "Save"

Result: The new DIN is encrypted and stored, replacing the old value.

Scenario 3: Adding Missing Sensitive Data

Task: An individual record exists but is missing TFN/DIN data.

Steps:

  1. Navigate to the individual's detail page
  2. Click "Edit" to open the form
  3. The TFN and DIN fields will be empty
  4. Enter the missing data as needed
  5. Click "Save"

Result: The new sensitive data is encrypted and added to the record.

Data Entry from Diagrams

You can also enter sensitive data through the diagram inspector:

  1. Open an Ownership or Family Tree diagram
  2. Click on an individual in the diagram
  3. The inspector panel opens on the right side
  4. Scroll to the Sensitive Information section
  5. Enter or update TFN/DIN as needed
  6. Changes save automatically when you click outside the field or navigate away

The same encryption and security processes apply when entering data through the diagram inspector.

Best Practices for Data Entry

✅ DO:

  • Double-check numbers before saving - encrypted data is hard to verify later without revealing it
  • Use the reveal function to verify existing data before making changes
  • Enter data in a secure location where others can't see your screen
  • Clear the field completely if you need to remove a TFN/DIN (save with an empty field)

❌ DON'T:

  • Copy and paste from unsecured sources - ensure your clipboard is cleared afterward
  • Leave the entry form open unattended with sensitive data visible
  • Enter dummy or test data - only enter real, verified numbers
  • Share your screen while entering sensitive data

Troubleshooting

"Invalid TFN format" Error

Problem: The system won't accept your TFN.

Solutions:

  • Ensure you're entering 8 or 9 digits
  • Remove any hyphens, spaces, or other characters (the system will format it for you)
  • Check for typos or missing digits

"Invalid DIN format" Error

Problem: The system won't accept your DIN.

Solutions:

  • Ensure you're entering exactly 15 digits
  • Remove any hyphens or special characters
  • Verify you have 5 groups of 3 digits

Can't See the Sensitive Data Fields

Problem: The TFN/DIN fields aren't visible in the form.

Solutions:

  • Check that you're editing an Individual (companies and trusts don't have TFN/DIN fields)
  • Scroll down in the form - sensitive fields are typically near the bottom
  • Ensure you have permission to view/edit sensitive data in your organization

Revealed Data Won't Stay Visible

Problem: When you reveal a TFN/DIN, it hides too quickly.

Solutions:

  • This is by design - revealed data automatically hides after 30 seconds for security
  • Click the lock icon again to reveal the data for another 30 seconds
  • If you need to reference the number, consider writing it down temporarily (then destroy the note when done)

Audit and Compliance

Every time you enter or update sensitive data:

  • An audit record is created automatically
  • The record includes:
    • Your user ID
    • The timestamp
    • The action taken (created or updated)
  • Organization administrators can review these audit logs
  • This helps with compliance reporting and security monitoring

You don't need to do anything special - the audit trail is automatic.

Need Help?

If you encounter any issues entering or updating sensitive data:

  1. Check this guide for common solutions
  2. Contact your organization administrator for permission issues
  3. Reach out to support if you believe there's a system problem

Remember: Take your time when entering sensitive data. It's better to verify carefully than to have to reveal and correct it later.