Skip to main content

Enhanced Handling of Sensitive Data for OHIP

Gil H
Updated

Introduction

Duve now offers an improved way to handle Sensitive Data when your property is connected to OHIP.
While Duve already masks Sensitive Data inside the platform, some information was previously sent unmasked to OHIP’s general notes section, which is accessible to a wide range of staff. This exposed hotels to potential privacy and GDPR risks.

With this enhancement, Duve ensures that Sensitive Data is shared with OHIP in a controlled and compliant way. Masked data appears in general notes, while the full, unmasked response is pushed only to the secure, permission-restricted guest profile in OHIP.

Overview

Properties using OHIP can now rely on an improved flow for managing Sensitive Data collected through Custom or Basic Questions in Duve.

When a question is marked as Sensitive in Duve:

  • The guest’s response is masked inside Duve, as usual.

  • During the sync with OHIP:

    • A masked version of the response is stored in the OHIP notes section.

    • The full, unmasked value is securely pushed to the OHIP guest profile, where visibility depends on OHIP’s permission settings.

  • Duve records the action in system logs for auditing and compliance purposes.

This ensures that Sensitive Data is available only to staff who are authorized to view it within OHIP.

How to Set It Up

This enhanced behavior is applied automatically for properties connected to OHIP PMS. No feature activation or setup is required beyond marking questions as Sensitive.

Step 1: Mark a question as Sensitive in Duve

  1. In the Duve admin, go to Settings > Check-In > Basic details/Custom questions.

  2. Create a new question or edit an existing one.

  3. Enable the Sensitive Data setting by enabling the "Guest answer is sensitive information" toggle.

  4. Save the question.

The view in Duve:

Step 2: Review permission settings in OHIP

The unmasked data is stored only inside the secure guest profile in OHIP.
Each property should confirm that staff roles and permissions in OHIP are configured correctly to restrict access to Sensitive Data.

The view in OHIP:

image003.png

Step 3: Allow Duve to sync data normally

Once the guest submits their response:

  • Duve masks the data internally.

  • The masked value is added to the OHIP notes.

  • The unmasked value is sent to the OHIP guest profile.

  • A log entry is created documenting the sync.

FAQs

Q: Do I need to enable anything to start using this?

 

A: No. The improvement is automatic for OHIP-connected properties. You only need to mark questions as Sensitive in Duve.

 

Q: Where can staff see the unmasked Sensitive Data in OHIP?

 

A: The unmasked value is available only inside the guest profile in OHIP. Access is determined by OHIP’s permission settings.

 

Q: What appears in the OHIP notes section?

 

A: Only a masked version of the response, such as "***", is added to the notes section. This prevents exposure of Sensitive Data to staff who should not access it.

 

Q: What happens if the unmasked value cannot be pushed to the guest profile (such as an invalid answer)?

 

A: If the profile update fails, Duve will not push unmasked data anywhere. The notes section will still show the masked value.

 

Q: Is the data transfer logged?

 

A: Yes. Duve logs the masking status, destination (notes or profile), field name, timestamp, and the sync result for auditing.

Related articles

Comments

0 comments

Article is closed for comments.