FC-ANY-PII-003: PII hardcoded default

Variable with a PII-related name is initialized to a hardcoded literal instead of an asset.

high | pii | powerautomate / blueprism / automationanywhere

What it detects

Variable with a PII-related name is initialized to a hardcoded literal instead of an asset. Flowcerta surfaces this finding from the active validation pipeline for supported file types and platforms.

Why it matters

PII findings matter because workflow automations regularly touch regulated identifiers, customer records, and health data. Weak auditability or unsafe logging turns ordinary bot activity into a compliance exposure.

Example violation

Variable with a PII-related name is initialized to a hardcoded literal instead of an asset.
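The pattern on a Power Automate flow, as an added example rather than Flowcerta's own detection code: a small scanner over a constructed, simplified flow definition in which one "Initialize variable" action carries a literal default and another loads its value through an expression. The PII keyword list, the sample action names and the `Get_secret` action are assumptions made for illustration.

```python
import json
import re

# Assumed PII name hints; the rule's real keyword list is not given on this page.
PII_NAME = re.compile(r"ssn|social|passport|dob|birth|email|phone|iban|patient", re.I)

# Constructed sample in the workflow-definition JSON shape used by Power Automate.
SAMPLE_FLOW = json.loads("""
{"definition": {"actions": {
  "Init_customerSSN": {"type": "InitializeVariable", "inputs": {"variables": [
    {"name": "customerSSN", "type": "string", "value": "000-00-0000"}]}},
  "Init_patientEmail": {"type": "InitializeVariable", "inputs": {"variables": [
    {"name": "patientEmail", "type": "string", "value": "@body('Get_secret')?['value']"}]}},
  "Init_retryCount": {"type": "InitializeVariable", "inputs": {"variables": [
    {"name": "retryCount", "type": "integer", "value": 3}]}}
}}}
""")


def is_hardcoded(value):
    """True when the default is a literal rather than a runtime expression."""
    if value is None or value == "" or isinstance(value, bool):
        return False
    if isinstance(value, str):
        if value.startswith("@@"):  # '@@' is an escaped literal '@'
            return True
        # '@...' is an expression, '@{...}' is interpolation inside a string
        return not (value.startswith("@") or "@{" in value)
    return isinstance(value, (int, float))


def find_hardcoded_pii(flow):
    """Return (action, variable) pairs where a PII-named variable has a literal default."""
    findings = []
    for action_name, action in flow["definition"]["actions"].items():
        if action.get("type") != "InitializeVariable":
            continue
        for var in action.get("inputs", {}).get("variables", []):
            if PII_NAME.search(var.get("name", "")) and is_hardcoded(var.get("value")):
                # Report the location only; never echo the literal into scan output.
                findings.append((action_name, var["name"]))
    return findings


if __name__ == "__main__":
    for action_name, var_name in find_hardcoded_pii(SAMPLE_FLOW):
        print(f"{action_name}: variable '{var_name}' has a hardcoded default")
```

Only `Init_customerSSN` is reported: `patientEmail` is populated by an expression at run time, and `retryCount` has a literal default but no PII-related name.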

Fix guidance

Power Automate

  • Load PII-related identifiers from a secure asset store, not workflow variable defaults.
  • Prefer environment-aware connectors, connection references, structured scopes, and explicit run-history logging.
  • Revalidate the workflow after the change and confirm the finding no longer appears.

Blue Prism

  • Load PII-related identifiers from a secure asset store, not workflow variable defaults.
  • Use release metadata, data items, and process/page references intentionally so reviewers can trace ownership and fix paths quickly.
  • Revalidate the workflow after the change and confirm the finding no longer appears.

Automation Anywhere

  • Load PII-related identifiers from a secure asset store, not workflow variable defaults.
  • Move sensitive values into credential vaults or externalized configuration and keep task-bot calls explicit and reviewable.
  • Revalidate the workflow after the change and confirm the finding no longer appears.

Verification steps

  1. Run validation again and confirm the rule no longer appears in the finding list.
  2. Review the changed workflow artifact directly to verify the risky pattern is gone.
  3. Capture the new validation result as evidence for the relevant owner or compliance review.

This page is generated from the canonical Flowcerta rule registry used by validation scoring.