GDPR - right to be forgotten

“Forgetting” Users

 

The new General Data Protection Regulation (GDPR), Article 17, allows a user to elect the “right to be forgotten”.  To allow a user to elect this right on the MIE, start by choosing “GDPR assignees to forget” from the Assignees fly-out menu under asset management.  You must have sufficient privileges to perform this action or you will not see the menu option.

 

Create a new record and select the assignee who has elected to be forgotten.  You must also check the “Active” checkbox AND you must also fill in a date accepted before the MIE will take action.  This is to allow you to create a process by which a user can be staged first, go through an internal review and approval process, and then be finalized before the MIE will take action.

 

Once the MIE takes action, the user’s identifying data will be gone – so be very certain that you are ready to “forget” this user.

 

“Ability to Recover Forgotten Data”

 

By default, once the MIE takes action on a staged user, their identifying data will be permanently destroyed.  You may elect (and you must explicitly elect, since it is not the default) to cause the MIE to retain the original data in an off-system, encrypted store, just in case you may ever need that information (for legal discovery purposes, for instance).  To turn that capability on, choose “Company Info” from the “Settings” left menu fly-out.  Edit your company record and check the box entitled “Allow recovery of GDPR/obfuscated data”.  Save your change.  The change will take effect for all users processed from that point forward – it will not cause any users that have already been forgotten to have their data saved – their data is now permanently gone.

 

“Information that is Forgotten”

 

When a user is forgotten, the following identifying information is obfuscated:

 

In the assignee record:  First name, last name, email address, enterprise login ID, and cell phone number

In the user record: Name

 

“How the data is Forgotten”

 

The information currently in the various attributes to be forgotten is simply replaced with sequential data that in no way can be used to identify the person.  This is called obfuscation.  The user’s records remain – just the attributes of those records that may be used to uniquely identify the individual are affected.  The only place where any indication of the person who has been forgotten remains is in the control record as the “Record of Action”.  This makes it possible to audit the MIE to make sure the person who asked to be forgotten was actually forgotten.

 

“How this is Processed”

 

The Housekeeping job, usually set to run every 5 minutes, picks up the staged and accepted users and processes their records.  You can see the date of most recent processing in the control record at any time.  Housekeeping will run against the selected group of users every time it runs, in case someone happened to go back into the users’ records and restore their identifying information (either via an import or via the user interface).  Once a control record is processed, the selected user is locked and cannot be changed.

 

“Imports”

 

An important consideration for enabling this feature is how employee and contact information is imported into the MIE (if it is imported).  It MUST be set to match on a column that is NOT being obfuscated – the most obvious choice should be employee ID (which is usually the non-identifying number assigned by the customer’s payroll or HR system – NOT the social security number).  If you set the import job up to match on an obfuscated column, the incoming data will no longer match (since the MIE has obfuscated that data) and the MIE will add the incoming record as a new contact.  The user’s information will now be present in the MIE and visible to the user interface until someone stages the new contact record to be forgotten (to the MIE, that new record represents an entirely new person – it has no way of determining that the new record is the same as a contact it has been told to forget).
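
The import-matching behavior described above can be checked with a small model. This is an added example, not MIE code: the field names, the `record_id` key, the sample person and the assumption that a matched import row overwrites the existing record are all constructed for illustration.

```python
import itertools

# Constructed model; field names are assumptions based on the attributes this page lists.
PII = ("first_name", "last_name", "email", "login_id", "cell_phone")
_seq = itertools.count(1)

def obfuscate(rec):
    """Replace identifying attributes with sequential, non-identifying values."""
    n = next(_seq)
    for field in PII:
        rec[field] = f"forgotten-{n}"

def housekeeping(contacts, forgotten_ids):
    """Runs on every pass, so PII restored on a staged record is obfuscated again."""
    for rec in contacts:
        if rec["record_id"] in forgotten_ids:
            obfuscate(rec)

def import_rows(contacts, rows, match_on):
    """Upsert: update the contact whose match_on value equals the row's, else add a new one."""
    for row in rows:
        hit = next((c for c in contacts if c[match_on] == row[match_on]), None)
        if hit is not None:
            hit.update(row)  # assumption: a matched row overwrites the stored values
        else:
            contacts.append({"record_id": len(contacts) + 1, **row})

def simulate(match_on):
    """Forget one person, re-import them from the HR feed, run housekeeping again.
    Returns (number of contact records, records still holding the real email)."""
    person = {"employee_id": "E1001", "first_name": "Ana", "last_name": "Ruiz",
              "email": "ana.ruiz@example.com", "login_id": "aruiz",
              "cell_phone": "555-0100"}  # constructed sample data
    contacts = [{"record_id": 1, **person}]
    forgotten_ids = {1}                               # control record stages record 1
    housekeeping(contacts, forgotten_ids)             # person is forgotten
    import_rows(contacts, [dict(person)], match_on)   # HR feed still contains them
    housekeeping(contacts, forgotten_ids)             # next housekeeping pass
    exposed = sum(1 for c in contacts if c["email"] == person["email"])
    return len(contacts), exposed

if __name__ == "__main__":
    for column in ("employee_id", "email"):
        print(column, simulate(column))
```

Matching on `employee_id` leaves one record with no real email after the next housekeeping pass; matching on `email` leaves a second, unstaged record that still holds the person's data.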