Restricting visibility of personal data by enabling the customer to individually configure which data is displayed in the GUI or not
The purpose is that personal data of users and/or administrators of the KnowBe4 portal can be shown or hidden based on the customer's decision in order to comply with regulatory requirements or their own company conditions.
- Selected administrators shall be assigned a new privilege within the KnowBe4 account, which can be toggled by the customer themselves and which makes them eligible and authorized for 4-eye-principle action. Of course, at least two administrator accounts must be granted this privilege.
- In the KnowBe4 portal, all visible details and values for users and administrators (personal data) shall be configurable to be shown or hidden individually in the account settings. Again, only two administrator accounts (of all available administrators with 4-eye-principle action permission (1.)) with granted 4-eye-principle action shall be allowed to edit these settings.
- The focus of details that can be shown/hidden is particularly on personal data such as the individual risk score of a person, their history, users’ results of campaigns, times of last login to the portal, used browser, etc.
- For information that contains multiple entries, such as the history of a user, a dynamic time window that can be set by the customer themselves (administrators with 4-eye-principle action privilege) is highly desirable, so that at any point in time at which this information is displayed, only the previously set period is displayed. This ensures that only recent information is available and older gets automatically hidden.
- Actions which require 4-eye-principle action permission must be logged with timestamps as well as the activities incl. old and new values. The customer can export this log in a license-free standard format (e.g., text). This log shall automatically delete entries that are older than a maximum number of days that the customer themselves sets in the account. Setting this log size shall only be available to administrators with granted 4-eye-principle action privilege, and modifying this setting requires, of course, two administrators with this permission.
- Hiding information, especially personal data, from the GUI helps to comply with regulatory requirements in the EU, but at the same time preserves aggregated information and statistics, e.g., the customers’ overall trend on improving the handling of phishing mails.
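
A minimal model of the requested behaviour, added here as an illustration and not part of the original post or any KnowBe4 code: a setting changes only after a second, different privileged administrator approves it, each change is logged with old and new values, and the log prunes itself to the configured maximum age. The `Account` class, its method names, the setting keys and the administrator names are all hypothetical.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

class FourEyesError(Exception):
    """A change was attempted without two distinct privileged administrators."""

@dataclass
class Account:  # hypothetical model, not a KnowBe4 API
    four_eyes_admins: set                        # admins holding the privilege
    settings: dict                               # must contain "log_retention_days"
    pending: dict = field(default_factory=dict)  # key -> (proposer, new value)
    audit_log: list = field(default_factory=list)

    def _check(self, admin):
        if len(self.four_eyes_admins) < 2:
            raise FourEyesError("at least two administrators need the privilege")
        if admin not in self.four_eyes_admins:
            raise FourEyesError(f"{admin} lacks the 4-eye privilege")

    def propose(self, admin, key, new_value):
        self._check(admin)
        self.pending[key] = (admin, new_value)

    def approve(self, admin, key, now=None):
        self._check(admin)
        proposer, new_value = self.pending[key]
        if admin == proposer:
            raise FourEyesError("the approver must differ from the proposer")
        now = now or datetime.now(timezone.utc)
        # Log timestamp, both actors, and old and new values before applying.
        self.audit_log.append((now, proposer, admin, key, self.settings.get(key), new_value))
        self.settings[key] = new_value
        del self.pending[key]
        self.purge(now)

    def purge(self, now):
        # Drop log entries older than the customer-set maximum age.
        cutoff = now - timedelta(days=self.settings["log_retention_days"])
        self.audit_log = [e for e in self.audit_log if e[0] >= cutoff]

    def export_text(self):
        return "\n".join(
            f"{ts.isoformat()} {key}: {old!r} -> {new!r} (proposed by {p}, approved by {a})"
            for ts, p, a, key, old, new in self.audit_log)

if __name__ == "__main__":  # constructed sample data
    acct = Account({"alice", "bob"}, {"log_retention_days": 30, "show_risk_score": True})
    acct.propose("alice", "show_risk_score", False)
    acct.approve("bob", "show_risk_score")
    print(acct.export_text())
```

Because the retention period is itself an ordinary setting here, changing it goes through the same two-person path and is recorded in the log it governs.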
Hey Peter,
Thank you for taking the time to pass along this detailed feedback! This has allowed me to complete a feature request with our team regarding all of your proposed concerns. While I cannot promise this will be implemented, our team definitely appreciates it and would love to look further into it.
Warm regards,