Providing personal information is often required if you want to use, or even access, some websites (such as social-media sites and even your Higher Logic Community site). Because of this, data privacy is of paramount importance.

Understanding this, Higher Logic gives Super Admins complete control to:

• set default privacy settings for all of your members,
• restrict access of Higher Logic staff to your site,
• restrict the types of personal information that can be viewed and exported in reports, and
• manage GDPR compliance for your members.

NOTE: Each Higher Logic user can manage their own privacy settings from their Profile > My Account > Privacy Settings page (refer to the Privacy Settings section of Manage Your Inbox & Account Preferences for more information).

Manage privacy settings

As a Super Admin, you can control the visibility of Personally Identifiable Information (PII) that displays in reports and exports run by Community Admins and/or members (there are several areas where your members can export user information, like the Member Directory or Community Admin reports).

NOTE: These settings do not impact what's displayed on a user's profile (each user has full control over their own privacy settings).

NOTE: PII data is always included in reports and exports by Super Admins, even PII that is toggled off is included.

To manage your PII settings:

1. In the Admin Toolbar, click Admin.

2. Navigate to Settings > Security > PII Access.

On this page, you can control what personal information can be included in these reports by checking the appropriate boxes. For example, if you do not check (or uncheck) Email Address and Phone Numbers, this information will be excluded from all Higher Logic reports and exports, even if a user's profile privacy settings are set to show this information.

NOTE: This exclusion rule is not applicable to reports and exports run by Super Admins. Their reports and exports will always include all PII, irrespective of these settings.

Manage Higher Logic staff access

Typically, Higher Logic staff will only ever access your site in order to:

• Prepare your site for go-live during the implementation process
• Address customer support cases
• Reproduce and validate performance and platform issues

Any support that we provide must be performed in accordance with your organization's privacy policies. Therefore, your account's Super Admins can use the Higher Logic Access page (described below) in order to establish guidelines for Higher Logic staff who have to access your site.

Notes

Higher Logic staff are limited to read-only access to this page; they cannot change any of these settings.

All Higher Logic staff access to your site is logged in the Impersonation Log report.

• To view this report, navigate to Admin > Reports > Logins.

When changes are made on this page, an email message is automatically sent to all account Super Admins via the Higher Logic Staff Access Changed Notification email template.

• To manage this template, navigate to Admin > Email > Email Management > Email Templates and select the Data Privacy category.

To manage Higher Logic staff access:

1. In the Admin Toolbar, click Admin.

2. Navigate to Settings > Security > Higher Logic Access.

Here, Super Admins can control:

Login Session Length

You can define (in minutes) how long Higher Logic staff can access your site (if you allow them to access it at all).

Departmental Access

Here, you can set a specific access level for each Higher Logic department:

• Customer Support - Staff who provide assistance by answering your support tickets.
• Quality Assurance - Staff who review updates to the software to ensure they meet our quality standards.
• Sales and Marketing - Staff who explain our software and what we offer to clients (and prospective clients).

For each department, you can restrict access altogether OR set one of three user roles to control their level of access to your site's content and your member's information:

• Member - Grants Higher Logic staff the same level of access as one of your members.
• Non-Member - Grants Higher Logic Staff non-member access to your site (i.e., they can only view public content).
• Administrator - Grants Higher Logic staff Super Admin access to your site, meaning they can access everything and manage your Community site's settings.

NOTE: To remove all access for a department, uncheck all three user roles; the field updates to No Access.

User Access

In some situations, you may want to give a specific Higher Logic staff member access to your site (e.g., they need additional access permissions to address a support ticket). If so, click Add, select the staff member, the time period they'll have access, and their level of access.

Any Higher Logic staff with active sessions are listed here, along with the start and end date of their session, the role(s) they have been given, and any actions they've performed.

User Data Privacy and impersonation

Impersonation can be used by Super Admins to perform a requested action on behalf of a member. It's also used to troubleshoot problems that are difficult to recreate in other ways due to unique data/user-specific conditions.

Despite Super Admins being able to impersonate community members, when they do, all user-data privacy policies and guidelines must be strictly followed.

• By default, the impersonation feature is OFF (the status is set to Inactive). Super Admins can turn it ON (set to Active) by navigating to Settings > Security > Impersonation.

IMPORTANT: Unlike your Super Admins, Higher Logic staff cannot impersonate a specific user on your site. Higher Logic staff are limited to the General impersonation (i.e., the Member and Non-Member) impersonation options. This limitation might necessitate screen-sharing and other techniques for us to assist you with issues that, in the past, we were able to resolve through impersonation.

To learn about the benefits of impersonation and how to manage its settings for your account, see Impersonation.

Related articles

Countries have been enacting legislation in order strengthen individuals' data protection by regulating how organizations and individuals obtain, store, use, and dispose of personal data. Visit our Compliance & Security section where there are product-specific data-privacy articles in addition to the following regulations.

• European Union legislation - GDPR Resources
• United States legislation - CAN-SPAM and Anti-Spam Requirements
• Canadian legislation - Canada's Anti-Spam Legislation (CASL)
• State of California legislation - California Consumer Privacy Act