Restricting access to specific participant fields
You can control which users can access specific participant fields. Fields which have restricted access are called “protected fields”.
When you upload participant records using the Participants activity (or when activating from Professional or Author), you can mark a field as “Protected”. UNICOM Intelligence Interviewer - Server Admin encrypts the values for that field in the uploaded sample as they are stored in the Participants database. It also decrypts the values when they are needed, for example, for Interviewers and Reviewers working with a specific Participant record and for users of Participants that have been assigned the ability to view protected fields. Users can change the protected state of a field from Participants if they have permission to do so.
Fields that can be protected by encryption
Only text fields can be encrypted.
Most required fields, including the Id field, cannot be encrypted. The only required fields that can be encrypted are PhoneNumber and Comments.
The default length for a protected field is 428 characters. This length supports 64 characters of information; the other characters store the encrypted value. If the text field is too small to encrypt any row of participant data, an error occurs.
Protecting fields in the Participants activity
To protect a field, click Protected on the Required Fields tab or the Additional Fields tab. To do this, you must have the “Can upload participants” permission (see Permissions for using protected fields).
To change the protection of a field after the first upload, you must have the “Can unprotect fields” permission.
Displaying the contents of protected fields
A lock icon indicates that a field is protected. This icon appears on the View tab in Participants, and on the Participants tab in the Email Job dialog.
To display the decrypted value, click the lock icon. To do this, you must have “Can view protected fields” permission.
If a value cannot be decrypted, the encrypted value is displayed. This might be because the value is not a valid protected value, for example, if it was updated directly in the SQL table. For more information about why the value could not be decrypted, see the log files.
When selecting records based on a protected field, you can use only the = operator.
The Download options download the sample as it is displayed. If the sample has been unlocked, the decrypted values are downloaded. If the sample is locked, the encrypted values are downloaded.
Changing protected fields
To change an encrypted field, you must first unlock it.
You cannot change a Protected field by using the Update option when Advanced editing is selected. The UPDATE statement is executed as is without applying encryption.
Permissions for using protected fields
You can set these permissions in User Administration.
Permission: Description
Can upload participants: Enables you to upload participants, and set the initial value of the Protected flag.
Can unprotect fields: Enables you to protect and unprotect fields. This permission is assigned by default to the CATISupervisor and FieldManager roles.
Can view protected fields: Enables you to view decrypted values. This permission is assigned by default to the CATISupervisor and FieldManager roles.
Protected fields in the log files
UNICOM Intelligence records a message in the log files when these changes are made to protected fields:
A user unprotects a field. The message is: “Protection on field 'xxx' has been removed”.
A user displays the value of a protected field. The message is: “Protected field 'xxx' unlocked for viewing”.
A user downloads a sample which contains one or more protected fields which have been decrypted for viewing. The message is: “Downloaded data contains unprotected data for field 'xxx'”.
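One way to review these audit messages, as an added example that is not part of the product or of this guide. The three message texts come from the list above; the `<timestamp> <user> <message>` line layout, the sample lines, the user names and the repeated-view threshold are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Message texts as quoted in this guide; the field name appears where 'xxx' is.
PATTERNS = {
    "unprotect": re.compile(r"Protection on field '([^']+)' has been removed"),
    "view": re.compile(r"Protected field '([^']+)' unlocked for viewing"),
    "download": re.compile(
        r"Downloaded data contains unprotected data for field '([^']+)'"),
}

# Assumption: each line is "<timestamp> <user> <message>". The real log layout
# is not described in this guide, so adjust LINE to match your log files.
LINE = re.compile(r"^(\S+)\s+(\S+)\s+(.*)$")

# Constructed sample lines (not real product output).
SAMPLE_LOG = """\
2024-05-02T09:14:03 jsmith Protected field 'PhoneNumber' unlocked for viewing
2024-05-02T09:14:40 jsmith Protected field 'PhoneNumber' unlocked for viewing
2024-05-02T09:15:02 jsmith Protected field 'PhoneNumber' unlocked for viewing
2024-05-02T09:16:10 jsmith Downloaded data contains unprotected data for field 'PhoneNumber'
2024-05-02T10:01:55 akhan Protection on field 'Email' has been removed
2024-05-02T10:02:30 akhan Project activated
2024-05-02T10:05:00 mlee Protected field 'Comments' unlocked for viewing
"""

def parse_events(text):
    """Return one dict per log line that reports a protected-field event."""
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, user, msg = m.groups()
        for kind, pat in PATTERNS.items():
            hit = pat.search(msg)
            if hit:
                events.append({"time": ts, "user": user, "kind": kind,
                               "field": hit.group(1)})
                break
    return events

def review_queue(events, view_threshold=3):
    """Flag every unprotect and decrypted download, plus repeated unlocks."""
    findings = [(e["kind"], e["user"], e["field"])
                for e in events if e["kind"] != "view"]
    views = Counter((e["user"], e["field"]) for e in events if e["kind"] == "view")
    findings += [("repeated-view", user, field)
                 for (user, field), n in sorted(views.items())
                 if n >= view_threshold]
    return findings

if __name__ == "__main__":
    for finding in review_queue(parse_events(SAMPLE_LOG)):
        print(finding)
```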
Protected fields for phone interviewers
Phone interviewers see the protected fields as decrypted values, because they need the information for their job.
Decrypted values are shown during Review, from Phone Participants or the Review activity. However, if a search for a record to review returns multiple records, protected fields are displayed as encrypted values, until you choose a specific record to review.
When setting up jobs:
Do not encrypt fields that are used for interviewer qualifications, because UNICOM Intelligence will not be able to match the encrypted participant field with the unencrypted user property.
Do not encrypt fields that are used for ordering or weighting.
Protected fields are not decrypted in interviewing reports.
Protected fields for email jobs
When setting up an email job, do not encrypt fields that are used for the Email filter expression.
Customization
List the fields that will be set to Protected for every project in the DefaultParticipantsProtectedFields DPM site property. For example, if you set DefaultParticipantsProtectedFields to Name,Email,PhoneNumber and a participants file is uploaded and it contains the Name field, the Name field defaults to Protected.
The ActivateDocument.xml file includes a ProtectedFields Collection property on the Queues object. You can set that field if you have custom activate applications.
Selecting the algorithm to encrypt protected files
The default algorithm that is used to encrypt protected files is the AES-128 algorithm. To use the AES-256 algorithm, complete the following steps:
1. Create a project in Interviewer Server Administration (ISA), and then create a project‑specific ProtectedValueEncryptionAlgorithm property in DPM under:
   Site\Servers\<server_name>\SampleManagements\<project_name>\Queueing\Queues\Properties
2. Set ProtectedValueEncryptionAlgorithm to 2.
   (To use AES-128, set ProtectedValueEncryptionAlgorithm to 1.)
3. Select the option to protect participant fields.
Limitations
Log files: The log files include the PhoneNumber field when using an autodialer. Therefore, you must restrict access to the Manage Logs feature.
Mobile SDK: Protected sample fields are delivered to the client as encrypted values. The server assumes that they are also returned encrypted. Clients cannot decrypt those fields; therefore, do not protect fields that clients use, for example, to show them to the interviewer.
Third-party applications: Third-party applications that access the participants tables directly see that the protected field is returned as encrypted. Therefore, third-party applications should search for records by using the Id field, because it cannot be encrypted.
Shared sample management tables: If a field is set as protected for one of the projects that share a sample table, for example, for one project in a chain of projects, the field is encrypted for all projects. However, the other projects that share the sample table will not be aware that the field is encrypted, so they use the encrypted value. This causes an issue if the field is used in the sample management or interview script or viewed on screen. If the field is used in all projects, update the ProtectedFields DPM property in SampleManagements/<SampleManagementName>/Queueing/Queues/Properties for all projects.