Does peeking into information shared by employees violate data privacy of individual employees or customers? #2

Open
AnjanaMenonCherubala opened this issue Oct 21, 2019 · 1 comment

Comments

@AnjanaMenonCherubala

There are many companies which handle highly sensitive data for their end customers from the banking sector and other financial issues. More often than not, companies are made to sign NDAs and very stringent information security contracts as part of their deals with their customers. Some companies even enforce internet-related restrictions on any employee, be it from their own organization or the organization handling their data for them.
There are employees with varying levels of access into these systems who might face issues while working on projects, products, releases or any support-related tasks for their customers. These employees might need to share important information in order to raise issues/bugs and seek resolution for them.
Most big companies have very secure, well-defined systems and processes to raise these issues and get them resolved by other departments. A tool like the one suggested in this project might bring down the pain-points for the targeted end users, but might severely violate contractual obligations that employees have with their customers.
There is also the factor of how secure this tool will be. A plug-in which can essentially read the conversations/messages from an employee handling sensitive information would store the information for a period of time which could be mishandled by users with malicious intent.
The suggested plug-in would be useful in the case of small to medium-sized companies, more specifically in a start-up kind of environment where the risk factor of data breaches and security concerns are low/non-existent.

@mdhsieh
Collaborator

mdhsieh commented Oct 22, 2019

Our app is designed more for a low-level scope, focusing on messages, not necessarily to handle sensitive data in, for instance, files. There should also not be data privacy violations based on our architecture. The employee posts only to the support channel, and NER extracts entities from the message to figure out which department is most relevant. The entities, for example, are categories which will match certain departments. The message can then be routed directly to the appropriate department. In this case, other departments’ messages are not read and they also don’t know about the individual message.

Regarding the app's security in storing employee info, one solution is to immediately delete the data in our app once the message has been routed. In any case, the employee has decided to post the issue to the support team, so the app and the support team must first have access to the information the employee has allowed to be seen.
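The route-then-delete design discussed in this thread, sketched as an added example that is not part of the thread or the project's code. A keyword matcher stands in for the NER model, and the `Router` class, the department names and the body-free audit log are assumptions made for illustration.

```python
import re
from collections import Counter, defaultdict

# Hypothetical entity -> department map (assumption); the project's NER
# model is replaced here by a plain keyword lookup.
ENTITY_DEPARTMENT = {
    "vpn": "it", "password": "it", "laptop": "it",
    "payroll": "hr", "leave": "hr",
    "invoice": "finance", "refund": "finance",
}


class Router:
    def __init__(self):
        self.pending = {}                # msg_id -> body, held only until routed
        self.queues = defaultdict(list)  # department -> delivered bodies
        self.audit = []                  # (msg_id, department): no body, no entities

    def extract_entities(self, text):
        """Stand-in for NER: return the known entity keywords in the text."""
        return [t for t in re.findall(r"[a-z]+", text.lower())
                if t in ENTITY_DEPARTMENT]

    def submit(self, msg_id, text):
        self.pending[msg_id] = text

    def route(self, msg_id):
        """Deliver to exactly one department, then drop the app's own copy."""
        text = self.pending[msg_id]
        votes = Counter(ENTITY_DEPARTMENT[e] for e in self.extract_entities(text))
        # Messages with no recognised entity go to a human triage queue
        # instead of being broadcast to every department.
        dept = votes.most_common(1)[0][0] if votes else "triage"
        self.queues[dept].append(text)
        # Record metadata only, so the audit trail does not become a second
        # store of message content that outlives the deletion below.
        self.audit.append((msg_id, dept))
        del self.pending[msg_id]
        return dept


if __name__ == "__main__":
    r = Router()
    r.submit("m1", "My VPN password expired")  # constructed sample message
    print(r.route("m1"), r.pending, r.audit)
```
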
