View Encrypted Sensitive Fields with Access Logging
Certain contact fields contain sensitive personal data that is stored encrypted at rest. On the contact detail screen, these fields are rendered by the encrypted field display component, which shows a masked placeholder value and a lock icon instead of the actual data. When a coordinator taps such a field, the sensitive field warning dialog explains which data is about to be shown and why the access is logged. Upon acknowledgement, the field encryption utilities decrypt the value client-side using the user's session key and display it temporarily, for the current screen session only. The read receipt service logs the access event with the user ID, timestamp, field name, and reason code. If a screen reader is active when such a field is revealed, the live region announcer announces that a sensitive field is being read aloud, giving the user the opportunity to ensure privacy first.
User Story
Acceptance Criteria
- Given I am on the contact detail screen, When I view a field containing encrypted personal data, Then the field displays a masked placeholder value and a lock icon instead of the raw data
- Given I tap an encrypted field, When the sensitive field warning dialog appears, Then it clearly states which field I am about to view and that access will be logged
- Given I confirm access to an encrypted field, When the decryption completes, Then the actual value is displayed inline for the duration of my session on that screen only
- Given I have confirmed access to a sensitive field, When the encrypted field display renders the value, Then the read receipt service records an access event with my user ID, timestamp, field identifier, and a reason code
- Given a screen reader is active and I reveal an encrypted field, When the value is displayed, Then the live region announcer announces 'Sensitive field now visible — ensure privacy before proceeding'
- Given I navigate away from the contact detail screen and return, When the screen reloads, Then previously revealed encrypted fields return to their masked placeholder state and require re-confirmation
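The reveal flow described above and in the acceptance criteria, as an added example that is not code from the project: a Python model of the sensitive field privacy guard that keeps fields masked until the warning dialog is acknowledged, requires a reason code, writes the read receipt before the value is shown, announces to the screen reader, and re-masks on screen reload. The reason codes, the user and field identifiers, and the `demo_seal`/`demo_decrypt` envelope (an HMAC-tagged stand-in, not real encryption) are assumptions made for the example.

```python
import base64, hashlib, hmac
from dataclasses import dataclass
from datetime import datetime, timezone

MASKED_PLACEHOLDER = "\u2022\u2022\u2022\u2022\u2022\u2022 [lock]"
ANNOUNCEMENT = "Sensitive field now visible \u2014 ensure privacy before proceeding"
ALLOWED_REASONS = {"membership_resolution", "support_case"}  # assumed reason codes

@dataclass(frozen=True)
class AccessEvent:  # what the read receipt service records for every reveal
    user_id: str
    timestamp: str  # ISO 8601, UTC
    field_id: str
    reason_code: str

class SensitiveFieldPrivacyGuard:
    """Single choke point for revealing encrypted fields during one screen session."""
    def __init__(self, user_id: str, session_key: bytes, decrypt, log: list):
        self.user_id, self.session_key, self.decrypt, self.log = user_id, session_key, decrypt, log
        self._revealed: dict[str, str] = {}  # field_id -> plaintext, this screen session only
        self.announcements: list[str] = []   # text handed to the live region announcer
    def render(self, field_id: str) -> str:  # what the encrypted field display shows now
        return self._revealed.get(field_id, MASKED_PLACEHOLDER)
    def reveal(self, field_id: str, ciphertext: bytes, acknowledged: bool,
               reason_code: str, screen_reader_active: bool = False) -> str:
        if not acknowledged:
            raise PermissionError("sensitive field warning dialog not acknowledged")
        if reason_code not in ALLOWED_REASONS:
            raise ValueError(f"unknown reason code {reason_code!r}")
        plaintext = self.decrypt(ciphertext, self.session_key)  # client-side, session key
        # Record the access before the value is shown so the audit trail cannot be skipped.
        self.log.append(AccessEvent(self.user_id, datetime.now(timezone.utc).isoformat(),
                                    field_id, reason_code))
        if screen_reader_active:
            self.announcements.append(ANNOUNCEMENT)
        self._revealed[field_id] = plaintext
        return plaintext
    def on_screen_reload(self) -> None:  # navigating away and back re-masks every field
        self._revealed.clear()

# Constructed stand-in for the field encryption utils, NOT real encryption: "<hmac tag>:<base64>".
def demo_seal(value: str, session_key: bytes) -> bytes:
    payload = base64.b64encode(value.encode())
    return hmac.new(session_key, payload, hashlib.sha256).hexdigest().encode() + b":" + payload

def demo_decrypt(ciphertext: bytes, session_key: bytes) -> str:
    tag, _, payload = ciphertext.partition(b":")
    expected = hmac.new(session_key, payload, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, expected):
        raise PermissionError("envelope was not sealed under this session key")
    return base64.b64decode(payload).decode()
```

In a real client the `decrypt` callable is the field encryption utilities' authenticated decryption and `log` is the read receipt service; the guard's ordering (confirm, decrypt, log, announce, display) is the part worth keeping.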
Business Value
Norwegian disability organizations handle sensitive personal data under strict GDPR obligations, including health information and personal ID numbers required for Vipps-authenticated membership resolution. Without encrypted field display and comprehensive access logging, the organization cannot demonstrate GDPR compliance, cannot audit data access in the event of a breach investigation, and cannot protect peer mentors' personal information from unauthorized viewing. This story is a legal and trust requirement — failure to implement it correctly exposes the organization to regulatory fines and erosion of peer mentor confidence in the platform.
Components
- Contact Detail Screen (ui)
- Encrypted Field Display Widget (ui)
- Field Encryption Utilities (infrastructure)
- Read Receipt Service (service)
- Contact Detail Repository (data)
- Sensitive Field Warning Dialog (ui)
- Sensitive Field Privacy Guard (service)
- Live Region Announcer (ui)
- Sensitive Field Configuration (data)