Task Visibility and Sensitivity
This guide explains how to manage task visibility and sensitivity settings to control what clients can see and protect sensitive information.
Overview
The Task Registry now includes two important security features:
- Task Visibility - Controls whether tasks are shown to clients or kept internal
- Task Sensitivity - Marks tasks containing sensitive data that require special handling
Task Visibility
What is Task Visibility?
Task visibility determines whether a task appears in the client portal. This allows you to create internal tasks that only bank agents can see.
When to Use Internal Tasks
Make a task internal (not visible to clients) when:
- The task contains bank-internal processes or reviews
- The task involves compliance checks intended for internal review only
- The task contains preliminary assessments or decisions
- The task is for bank staff coordination only
How to Set Task Visibility
When creating or editing a task in the Task Registry:
- Navigate to Settings → Task Registry
- Click Add New Task or select an existing task
- Find the Visible to Client toggle
- Toggle OFF to make the task internal (only visible to bank agents)
- Toggle ON to make the task visible to clients (default)
Effects of Internal Tasks
When a task is marked as internal:
- ❌ Clients cannot see the task in their portal
- ❌ Clients do not receive email notifications about the task
- ✅ Bank agents can still see and manage the task
- ✅ The task appears with an "Internal" badge in the task list
Task Sensitivity
What is Task Sensitivity?
Task sensitivity is a security feature for tasks containing confidential information. When a task is marked as sensitive, viewing its data creates an audit log entry for compliance tracking.
When to Mark Tasks as Sensitive
Mark a task as sensitive when it contains:
- Personal financial information
- Medical records or health information
- Legal documents with confidential details
- Private business information
- Any data requiring access tracking for compliance
How to Set Task Sensitivity
When creating or editing a task in the Task Registry:
- Navigate to Settings → Task Registry
- Click Add New Task or select an existing task
- Find the Sensitive Task toggle
- Toggle ON to mark the task as sensitive
- Toggle OFF for regular tasks (default)
Managing Sensitive Tasks in Loan Applications
Once a task is created from the registry, you can also toggle its sensitivity status directly:
- Go to the loan application
- Navigate to the Tasks tab
- Select the task you want to modify
- Click the shield icon (🛡️) to toggle sensitivity
- Confirm your action in the dialog
Important: Task sensitivity can only be toggled after a loan request is assigned to your bank. Tasks in the bazaar (unassigned loans) cannot have their sensitivity changed.
Effects of Sensitive Tasks
When a task is marked as sensitive:
- 🔒 Task data appears encrypted until explicitly accessed
- 📝 Viewing the task data creates an audit log entry
- 👁️ A warning dialog appears before showing sensitive data
- 🛡️ The task shows a "Sensitive" badge in the interface
Audit Trail for Sensitive Tasks
Every time someone views sensitive task data, the system records:
- Who accessed the data
- When they accessed it
- Which task was viewed
- The loan request context
This audit trail helps with:
- Compliance requirements
- Security investigations
- Access pattern monitoring
- Privacy regulations compliance
Combined Visibility and Sensitivity
You can combine these settings for maximum security:
| Setting | Use Case |
|---|---|
| Visible + Not Sensitive | Regular client tasks (default) |
| Visible + Sensitive | Client tasks with confidential data |
| Internal + Not Sensitive | Regular bank-only tasks |
| Internal + Sensitive | Highly confidential bank processes |
Best Practices
For Task Visibility
- Default to Visible: Only make tasks internal when necessary
- Clear Naming: Use descriptive names for internal tasks
- Document Purpose: Add clear descriptions explaining why a task is internal
- Regular Review: Periodically review internal tasks to ensure they should remain hidden
For Task Sensitivity
- Err on the side of caution: When in doubt, mark potentially sensitive tasks as sensitive
- Consistent Application: Apply sensitivity consistently across similar task types
- Train Staff: Ensure all agents understand when to access sensitive data
- Monitor Access: Regularly review audit logs for sensitive task access
Examples
Example 1: Internal Compliance Check
- Task Name: "AML Compliance Review"
- Visible to Client: ❌ OFF (Internal)
- Sensitive Task: ✅ ON
- Reason: Bank-internal compliance process with confidential assessments
Example 2: Salary Documentation
- Task Name: "Submit Salary Slips"
- Visible to Client: ✅ ON
- Sensitive Task: ✅ ON
- Reason: Client needs to submit documents, but they contain sensitive financial data
Example 3: Property Valuation
- Task Name: "Property Valuation Report"
- Visible to Client: ✅ ON
- Sensitive Task: ❌ OFF
- Reason: Standard document that client needs to see, no special sensitivity
Example 4: Internal Team Note
- Task Name: "Team Review Meeting Notes"
- Visible to Client: ❌ OFF (Internal)
- Sensitive Task: ❌ OFF
- Reason: Internal coordination task, no sensitive data
Troubleshooting
Cannot Toggle Task Sensitivity
Issue: The sensitivity toggle is disabled in the task details.
Solution: Ensure the loan request is assigned to your bank. Sensitivity can only be changed for bank-assigned loans, not for loans in the bazaar.
Client Received Notification for Internal Task
Issue: A client was notified about a task marked as internal.
Solution: This should not happen with properly configured internal tasks. Check:
- The task visibility setting in Task Registry
- Ensure the task was created after the visibility setting was applied
- Contact support if the issue persists
Audit Log Shows "Unknown User"
Issue: Sensitive task access logs show "Unknown User".
Solution: This indicates a system access. For proper user tracking, ensure agents are properly logged in when accessing sensitive tasks.
Frequently Asked Questions
Can clients ever see internal tasks?
No, internal tasks are completely hidden from the client portal and API. Only bank agents with proper permissions can see them.
Do sensitive tasks require special permissions?
Viewing sensitive tasks requires you to be either:
- The assigned agent for the loan request
- A loan manager with oversight permissions
- An administrator
Can I change visibility after tasks are created?
Task visibility is inherited from the Task Registry when tasks are created. You cannot change visibility of individual task instances after creation. Plan your visibility settings carefully in the Task Registry.
Are audit logs permanent?
Yes, audit logs for sensitive task access are permanent and cannot be deleted. This ensures compliance with data protection regulations.
What happens to email notifications for sensitive tasks?
Sensitive tasks that are visible to clients will still trigger email notifications. The email will notify about the task assignment but won't include the sensitive data. Clients must log in to the portal to view the actual content.
Summary
Task visibility and sensitivity features provide powerful tools for:
- Keeping internal processes confidential
- Protecting sensitive client data
- Maintaining audit trails for compliance
- Balancing transparency with security
Use these features thoughtfully to create a secure and efficient task management system that serves both your bank's operational needs and your clients' privacy requirements.