Viewing Sensitive Data

This guide explains how to view Tax File Numbers (TFN) and Director Identification Numbers (DIN) in StructureGram, including how to reveal full numbers when needed and the security features that protect this information.


Understanding Masked Display

By default, sensitive data is always displayed in a masked format to protect privacy and security:

Masked Format Examples

  • TFN: *** *** 789 (showing only last 3 digits)
  • DIN: *** *** *** *** 345 (showing only last 3 digits)

This masked display:

  • ✅ Lets you identify which record has data without exposing sensitive numbers
  • ✅ Provides enough information to distinguish between different individuals
  • ✅ Protects data from shoulder surfing (people looking at your screen)
  • ✅ Prevents accidental exposure in screenshots or screen shares
  • ✅ Loads quickly without requiring decryption

Where You'll See Sensitive Data

Sensitive data appears in several places throughout StructureGram:

1. Individual Detail Pages

When viewing an individual's full details:

  • Scroll to the Sensitive Information section
  • TFN and DIN appear as masked values
  • Lock icons indicate encrypted data
  • Click the lock icon to reveal the full number

2. Individual Edit Forms

When editing an individual:

  • Sensitive fields show masked values for existing data
  • Lock icons let you reveal current values before editing
  • New values are encrypted automatically when saved

3. Diagram Inspector Panel

When clicking an individual in a diagram:

  • The inspector panel shows individual details
  • Sensitive fields appear in the Sensitive Information section
  • Same reveal functionality as other views

4. Search and Browse Pages

On list/table views:

  • Sensitive data is not displayed for security reasons
  • TFN/DIN are only visible when viewing individual records
  • This prevents bulk exposure of sensitive information

How to Reveal Full Numbers

When you need to see the complete TFN or DIN:

Step-by-Step: Revealing Data

  1. Locate the masked field showing "*** *** [last 3 digits]"
  2. Look for the lock icon 🔒 next to the field
  3. Click the lock icon or the "Reveal" button
  4. Wait a moment while the system securely decrypts the data
  5. The full number appears in place of the masked value
  6. After 30 seconds, the number automatically hides again

Visual States

Before Revealing (Locked):

Tax File Number (TFN)     🔒
*** *** 789

After Clicking Reveal (Unlocked):

Tax File Number (TFN)     🔓
123 456 789               [30s remaining]

Auto-Hidden After 30 Seconds:

Tax File Number (TFN)     🔒
*** *** 789

Security Features While Viewing

Auto-Hide Timer

Revealed sensitive data automatically hides after 30 seconds:

  • Why 30 seconds? This gives you time to read and use the number while minimizing exposure risk
  • Timer countdown: You'll see a countdown indicator showing time remaining
  • Manual hide: Click the lock icon again to hide immediately if needed
  • Multiple reveals: You can reveal the data again as many times as needed
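The auto-hide behaviour described above can be sketched as a small client-side state holder. This is an added example, not StructureGram's own code; `createRevealField`, `mount` and the injected `now` clock are hypothetical names. Expiry is checked whenever the field is painted as well as on a timer, because browsers throttle timers in background tabs.

```javascript
// Hypothetical reveal-field state holder (illustrative, not the product's implementation).
function createRevealField(masked, ttlMs = 30000) {
  let plain = null;  // plaintext lives only in this closure, never in storage or DOM attributes
  let deadline = 0;

  function hide() {
    plain = null;    // drop the only reference so the value can be garbage-collected
    deadline = 0;
  }

  return {
    // Called with the value returned by the server; a repeat reveal restarts the full window.
    reveal(value, now = Date.now()) {
      plain = value;
      deadline = now + ttlMs;
    },
    // Manual hide: the user clicks the lock icon again.
    hide,
    // What the UI should paint at time `now`; an expired value is dropped here,
    // so a delayed or throttled timer cannot leave the number on screen.
    view(now = Date.now()) {
      if (plain !== null && now >= deadline) hide();
      if (plain === null) return { icon: "🔒", text: masked };
      const secs = Math.ceil((deadline - now) / 1000);
      return { icon: "🔓", text: plain, badge: `[${secs}s remaining]` };
    },
  };
}

// Browser wiring: repaint once per second so the countdown and re-mask are visible.
function mount(el, field) {
  const paint = () => {
    const v = field.view();
    el.textContent = [v.text, v.badge].filter(Boolean).join(" ");
  };
  paint();
  return setInterval(paint, 1000);
}
```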

Audit Logging

Every time you reveal sensitive data, the system creates an audit record:

  • Who: Your user ID
  • When: Exact timestamp
  • What: Which fields were revealed (TFN, DIN, or both)
  • Where: Which individual's data was accessed

This audit trail:

  • Helps with compliance and security monitoring
  • Deters unauthorized access
  • Allows administrators to review data access patterns
  • Does not prevent you from viewing data you're authorized to see
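One way an administrator could review these records for concerning access patterns, shown as an added example rather than a StructureGram feature. The record shape follows the who/when/what/where fields above; the sample records, the 10-minute window and the threshold of 5 individuals are assumptions. It counts distinct individuals rather than raw reveals, since the 30-second timer makes repeat reveals of one record normal.

```javascript
// Constructed sample audit records (not real data).
const at = (sec) => new Date(Date.UTC(2024, 0, 15, 9, 0, sec)).toISOString();
const rows = (who, n, stepSec, where) =>
  Array.from({ length: n }, (_, i) => ({ who, when: at(i * stepSec), what: ["TFN"], where: where(i) }));
const SAMPLE_AUDIT = [
  ...rows("u-17", 8, 30, (i) => `ind-${100 + i}`),   // 8 different people in 4 minutes
  ...rows("u-02", 6, 35, () => "ind-200"),           // same person re-revealed after each auto-hide
  ...rows("u-05", 6, 1800, (i) => `ind-${300 + i}`), // 6 people spread over 2.5 hours
];

// Flag users who revealed more than `maxIndividuals` distinct individuals inside any
// sliding window of `windowMs`. Both thresholds are assumptions to tune per organization.
function flagBulkReveals(records, { windowMs = 10 * 60 * 1000, maxIndividuals = 5 } = {}) {
  const byUser = new Map();
  for (const r of records) {
    if (!byUser.has(r.who)) byUser.set(r.who, []);
    byUser.get(r.who).push({ t: Date.parse(r.when), where: r.where });
  }
  const flagged = [];
  for (const [who, events] of byUser) {
    events.sort((a, b) => a.t - b.t);
    const inWindow = new Map(); // individual -> number of reveals currently in the window
    let start = 0;
    let peak = 0;
    for (const e of events) {
      inWindow.set(e.where, (inWindow.get(e.where) || 0) + 1);
      // Slide the left edge forward until the window spans at most windowMs.
      while (e.t - events[start].t > windowMs) {
        const old = events[start++].where;
        const n = inWindow.get(old) - 1;
        if (n === 0) inWindow.delete(old);
        else inWindow.set(old, n);
      }
      peak = Math.max(peak, inWindow.size);
    }
    if (peak > maxIndividuals) flagged.push({ who, distinctIndividuals: peak });
  }
  return flagged;
}
```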

Visual Indicators

While viewing sensitive data, you'll see:

  • 🔒 Locked icon: Data is masked and encrypted
  • 🔓 Unlocked icon: Data is currently revealed
  • Countdown timer: Shows how long until auto-hide
  • Tooltip information: Hover for details about encryption

Common Viewing Scenarios

Scenario 1: Verifying a TFN for Tax Purposes

Task: You need to confirm an individual's TFN for a tax document.

Steps:

  1. Navigate to the individual's detail page
  2. Locate the TFN field showing "*** *** 789"
  3. Click the lock icon to reveal the full number
  4. Note down the complete TFN: "123 456 789"
  5. Use the number for your tax document
  6. The number automatically hides after 30 seconds

Security tip: Close or minimize the browser window when done to prevent others from seeing your screen.

Scenario 2: Comparing Multiple DINs

Task: You need to check DINs for several directors.

Steps:

  1. Open the first individual's record
  2. Reveal the DIN and note the last 3 digits on paper
  3. Navigate to the second individual
  4. Reveal their DIN and compare
  5. Repeat for additional individuals as needed
  6. Securely dispose of any written notes when done

Security tip: Don't leave multiple browser tabs open with revealed data. Check one at a time.

Scenario 3: Updating Incorrect Data

Task: You notice a TFN might be incorrect and need to verify it.

Steps:

  1. Open the individual's edit form
  2. The TFN shows as "*** *** 456"
  3. Click the lock icon to reveal: "987 654 456"
  4. Compare with your reference document
  5. If incorrect, type the correct number and save
  6. If correct, close the form without making changes

Security tip: Only reveal data when you have a legitimate business need.


Best Practices for Viewing

✅ DO:

  • Verify you're viewing the correct individual before revealing data
  • Position your screen so others can't see it (privacy screens help)
  • Use the auto-hide feature - don't manually keep data revealed longer than needed
  • Close the window or tab when you're done with sensitive data
  • Lock your computer if you need to step away (even briefly)
  • Report suspicious activity if you notice unusual access in audit logs

❌ DON'T:

  • Take screenshots of revealed sensitive data
  • Share your screen via Zoom/Teams while viewing sensitive data
  • Leave revealed data on screen while stepping away
  • Access sensitive data unless you have a legitimate business reason
  • Share sensitive numbers via email, chat, or other communication tools
  • Write down sensitive numbers unless absolutely necessary (destroy notes when done)

Working in Different Locations

Office Environment

When viewing sensitive data in an office:

  • Use a privacy screen filter on your monitor
  • Position your screen away from walkways and windows
  • Be aware of who can see your screen
  • Lock your computer when leaving your desk

Remote/Home Office

When working remotely:

  • Ensure you're alone in the room when revealing data
  • Close blinds/curtains if working near windows
  • Use headphones during video calls so others don't hear you reading numbers aloud
  • Don't access sensitive data on public WiFi networks

Public Spaces

We strongly recommend NOT accessing sensitive data in public spaces like:

  • Cafés or restaurants
  • Co-working spaces with open areas
  • Public libraries
  • Airports or train stations
  • Hotel lobbies

If you must access it in a semi-public space:

  • Use a privacy screen filter
  • Ensure no one is behind you
  • Use a VPN for additional network security
  • Be extra vigilant about shoulder surfing

Troubleshooting Viewing Issues

Can't Find the Lock Icon

Problem: You don't see a way to reveal the sensitive data.

Solutions:

  • Check that the field actually has data (empty fields show "Not provided")
  • Look for a small lock icon next to the masked value
  • Try the detail page view instead of the edit form
  • Ensure you have access to the individual's record (there is no separate permission for sensitive data)

Reveal Button Doesn't Work

Problem: Clicking the lock icon does nothing.

Solutions:

  • Check your internet connection
  • Refresh the page and try again
  • Clear your browser cache
  • Try a different browser
  • Contact support if the issue persists

Data Hides Too Quickly

Problem: The 30-second timer isn't long enough.

Solutions:

  • This is by design for security
  • Click the lock icon again to reveal for another 30 seconds
  • If you need to reference the number multiple times, write it down temporarily (securely dispose of the note when done)
  • Consider whether you truly need to keep the data visible longer

Seeing "Unauthorized" Error

Problem: You get an error when trying to reveal data.

Solutions:

  • Verify you're a member of the correct organization
  • Check with your administrator about permissions
  • Ensure you're logged in (session may have expired)
  • Try logging out and back in

Understanding the Decryption Process

When you click to reveal sensitive data, here's what happens behind the scenes:

1. Your Request

  • You click the lock icon
  • Your browser sends a secure request to the server
  • The request includes your authentication credentials

2. Server Processing

  • The server verifies your identity and permissions
  • The server retrieves the encrypted data from the database
  • The server decrypts the data using secure encryption keys
  • An audit log entry is created automatically

3. Secure Delivery

  • The decrypted data is sent back to your browser over HTTPS
  • Your browser displays the full number
  • The 30-second auto-hide timer starts
  • The decrypted data is NOT stored in your browser

4. Automatic Re-Masking

  • After 30 seconds, the data is masked again
  • The decrypted value is removed from browser memory
  • The field returns to showing "*** *** [last 3 digits]"

This entire process takes less than a second and happens automatically whenever you reveal data.
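The server-side steps above, sketched as an added Node.js example that is not StructureGram's implementation. The in-memory key, the stored last-3-digit suffix used for masking, the AES-256-GCM choice and all function and field names are assumptions made for illustration.

```javascript
const crypto = require("node:crypto");

// Assumption: a single AES-256-GCM key held in memory; a real deployment would use a KMS.
const KEY = crypto.randomBytes(32);
const auditLog = []; // stand-in for an append-only audit store

const aad = (orgId, id, field) => Buffer.from(`${orgId}:${id}:${field}`);

// Write path: encrypt the digits and keep only the last 3 in clear for masked views.
function sealField(orgId, id, field, digits) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv("aes-256-gcm", KEY, iv);
  c.setAAD(aad(orgId, id, field)); // binds the ciphertext to its tenant, record and field
  const ct = Buffer.concat([c.update(digits, "utf8"), c.final()]);
  return { iv, ct, tag: c.getAuthTag(), last3: digits.slice(-3) };
}

// Masked rendering uses the stored suffix only, so showing a masked field needs no key.
function maskedView(field, sealed) {
  return "*** ".repeat(field === "DIN" ? 4 : 2) + sealed.last3;
}

// Reveal path: tenant check, decrypt, audit, then a non-cacheable response.
function reveal(user, record, field) {
  if (!user || user.orgId !== record.orgId) {
    throw Object.assign(new Error("Unauthorized"), { status: 403 });
  }
  const s = record[field];
  const d = crypto.createDecipheriv("aes-256-gcm", KEY, s.iv);
  d.setAAD(aad(record.orgId, record.id, field));
  d.setAuthTag(s.tag); // final() throws if ciphertext, tag or binding was altered
  const value = Buffer.concat([d.update(s.ct), d.final()]).toString("utf8");
  // The audit entry is written before the value leaves this function.
  auditLog.push({ who: user.id, when: new Date().toISOString(), what: [field], where: record.id });
  return { headers: { "Cache-Control": "no-store" }, body: { field, value, hideAfterMs: 30000 } };
}

// Constructed sample record, using the example TFN shown on this page.
const sampleRecord = { id: "ind-1", orgId: "org-a" };
sampleRecord.TFN = sealField("org-a", "ind-1", "TFN", "123456789");
```

Binding the record and tenant identifiers into the authenticated data means a ciphertext copied onto another individual's row fails to decrypt instead of revealing the wrong person's number.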


Permissions and Access Control

Who Can View Sensitive Data?

  • Organization Members: All members of your organization can view sensitive data for individuals in that organization
  • Tenant Isolation: You can ONLY view data for your own organization, never for other organizations
  • No Special Permissions Needed: There's no separate "sensitive data" permission - if you can view an individual, you can reveal their sensitive data
  • All Access is Logged: Even though everyone in the organization can view the data, all access is audited

Why This Approach?

This design balances security with usability:

  • Small teams often need shared access to handle tax and compliance matters
  • Overly restrictive permissions can create workflow bottlenecks
  • Audit logging provides accountability without blocking legitimate access
  • Administrators can review audit logs to identify concerning patterns

Privacy Considerations

Your Organization's Data

  • Only members of your organization can see your individuals and their sensitive data
  • Other StructureGram organizations have no access to your data
  • StructureGram staff do not routinely access customer data
  • Support staff may access data only with your permission during troubleshooting

Temporary Data Storage

  • Revealed data is displayed on your screen but not permanently stored in your browser
  • Browser history does not capture revealed sensitive data
  • Browser cache does not store decrypted values
  • Closing the browser tab removes any temporary data from memory

Need Help?

If you have questions about viewing sensitive data or notice any unusual behavior:

  1. Check this guide for troubleshooting steps
  2. Review the audit logs if you suspect unauthorized access
  3. Contact your administrator for permission or policy questions
  4. Reach out to support for technical issues

Remember: Viewing sensitive data is a serious responsibility. Always be mindful of the security and privacy implications, and only access data when you have a legitimate business need.