When a safeguarding incident is flagged in Mobile Guardian, the incident report may contain Personally Identifiable Information (PII) such as student names, email addresses, and device serial numbers. Auto-PII Redaction automatically masks this information before the report is shared with designated safeguarding leads, so that reviewers can assess and act on the incident without unnecessary exposure of personal data.
The redaction is applied server-side as the incident report is generated. It does not affect device monitoring, data collection, or how incidents are detected. The original unredacted data remains available to administrators with the appropriate permissions.
What You Will Learn
- How to enable Auto-PII Redaction for safeguarding incidents
- How to configure which data types are redacted
- How to exclude specific users or devices from redaction
- How to verify that redaction is applied to shared reports
Prerequisites
- Admin access to the Mobile Guardian Dashboard
- Safeguarding monitoring enabled on at least one profile (see your Baseline or Conditional Profile configuration)
- A Mobile Guardian licence that includes Safeguarding and AI Risk Detection
Enabling Auto-PII Redaction
Step 1: Access Safeguarding Settings
- Log in to your Mobile Guardian Dashboard
- Navigate to Safeguarding in the left-hand menu
- Select Settings
Step 2: Enable PII Redaction
Under the PII Redaction section:
- Set Auto-PII Redaction to On
- Click Save
Once enabled, all new safeguarding incident reports will have PII automatically masked before they are shared.
Note
Enabling Auto-PII Redaction does not retroactively redact existing incident reports. Only reports generated after the setting is enabled will be affected.
Configuring Redaction Scope
By default, Auto-PII Redaction masks all supported data types. You can customise which types of information are redacted based on your school’s data handling requirements.
Step 1: Access Redaction Scope
- Navigate to Safeguarding in the left-hand menu
- Select Settings
- Under the PII Redaction section, select Configure Redaction Scope
Step 2: Select Data Types
The following data types can be individually enabled or disabled for redaction:
| Data Type | Description | Default |
| Student Names | First and last name of the student involved in the incident | Enabled |
| Email Addresses | Student and staff email addresses referenced in the incident | Enabled |
| Device Serial Numbers | Hardware serial numbers associated with flagged devices | Enabled |
| Device Names | Assigned device names visible in the dashboard | Enabled |
| IP Addresses | Network addresses logged at the time of the incident | Enabled |
- Select or deselect each data type as required
- Click Save
Note
Disabling redaction for a data type means that information will be visible in all shared incident reports. Consider your school’s data protection policies before disabling any default redaction.
Configuring an Exclusion List
In some cases, you may need specific users or devices to remain unredacted in incident reports, for example, during an active investigation where the safeguarding lead requires full identification.
Step 1: Access the Exclusion List
- Navigate to Safeguarding in the left-hand menu
- Select Settings
- Under the PII Redaction section, select Manage Exclusions
Step 2: Add Exclusions
- Click Add Exclusion
- Search for and select the student or device to exclude
- Click Save
Excluded users and devices will appear with their full details in shared incident reports, while all other PII remains masked.
Note
Exclusions should be reviewed regularly and removed once they are no longer needed. An exclusion does not bypass any other safeguarding controls or monitoring settings.
Customising the Masking Format
By default, redacted fields are replaced with [REDACTED]. You can change this label to match your school’s reporting conventions.
- Navigate to Safeguarding in the left-hand menu
- Select Settings
- Under the PII Redaction section, locate Masking Format
- Enter your preferred replacement text (e.g., [PII REMOVED], [MASKED])
- Click Save
Verifying Redaction Is Applied
From the Safeguarding Dashboard
- Navigate to Safeguarding in the left-hand menu
- Select Incidents
- Open a recent incident report that was generated after Auto-PII Redaction was enabled
- Confirm that the configured data types display the masking text (e.g., [REDACTED]) in place of personal information
From a Shared Report
If your school shares incident reports with external safeguarding leads or designated safeguarding officers:
- Generate or export a shared incident report
- Review the exported document to confirm that PII fields are masked
- Verify that any exclusions are correctly applied (excluded users/devices should show full details)
Troubleshooting
| Issue | Likely Cause | Resolution |
| PII not redacted in incident reports | Auto-PII Redaction not enabled | Navigate to Safeguarding > Settings and confirm Auto-PII Redaction is set to On |
| Existing reports still show PII | Redaction is not retroactive | Only reports generated after the setting is enabled will be redacted. Re-generate the report if needed |
| Specific student still visible in reports | Student or device added to the exclusion list | Check Safeguarding > Settings > Manage Exclusions and remove the entry if no longer required |
| Redaction applied but masking text is wrong | Custom masking format configured | Check the Masking Format field under Safeguarding > Settings > PII Redaction |
| Redaction not applied to email addresses | Email address data type disabled in redaction scope | Navigate to Configure Redaction Scope and enable Email Addresses |
Please let us know if you found this helpful.
Thanks for reading! 🙂