Data Retention Rules

Use data retention rules to comply with the Data Protection Act, etc., by:

  • destroying unsuccessful loan and membership applications after a set time (default 3 months)
  • redacting personal data from successful applications after a set time (default 18 months)
  • archiving non-personal data from successful applications to allow trend analysis, etc
  • destroying data from all miscellaneous forms after a set time (default 3 months)
  • destroying credit and ID search results after a set time (default 3 months)

Data retention rules are set in three ways:

1. At system level you can set the retention periods to be applied:

  • Long retention period (months until successful applications are redacted and archived)
  • Short retention period (months until search results, unsuccessful applications and misc forms are destroyed)

2. At form level, you select the specific retention rules to apply to completed forms:

  • Credit application - redact, purge and archive
  • Misc form - purge without archive - short period
  • Misc form - purge without archive - long period
  • Retain indefinitely (default)

note: form-level retention rules are applied based on the last time a form was changed or actioned in workflow. Applications are treated as unsuccessful if ANY workflow field starts with Decline, Withdraw, W/D or Fail (e.g. Declined, Withdrawn and W/D Dup will all be included).

3. At field level, you can define which fields on application forms are treated as personal data

  • standard library fields marked [PD] are always treated as personal data
  • other fields are treated as personal data if PERSONAL_DATA is added to special treatment
  • standard library fields marked [PDS] (eg search results) are treated as sensitive personal data and are always redacted after the short retention period has passed regardless of the form-level rule applied
  • other fields are treated as sensitive personal data if SENSITIVE_DATA is added to special treatment

note: sensitive personal data is destroyed when the short retention period has passed from the date the customer submitted their form, not from the date of any credit or ID searches
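
The two notes above (form-level timing and sensitive-data timing) can be read as the decision logic below. This is an added illustration, not the product's own code: the rule labels, action names and function names are hypothetical, and the case-sensitive prefix match and month-end clamping are assumptions the page does not state.

```python
import calendar
from datetime import date

SHORT_MONTHS, LONG_MONTHS = 3, 18  # the page's default retention periods
# Prefixes from the form-level note; case handling is not stated, so match as written.
UNSUCCESSFUL_PREFIXES = ("Decline", "Withdraw", "W/D", "Fail")

def add_months(d, months):
    """Add calendar months, clamping to the last day of a shorter month (assumption)."""
    years, month0 = divmod(d.month - 1 + months, 12)
    year, month = d.year + years, month0 + 1
    return date(year, month, min(d.day, calendar.monthrange(year, month)[1]))

def is_unsuccessful(workflow_values):
    """True if ANY workflow field starts with one of the listed prefixes."""
    return any(v.startswith(UNSUCCESSFUL_PREFIXES) for v in workflow_values)

def due_actions(rule, workflow_values, submitted, last_actioned, today):
    """Return the retention actions due on `today` (rule names are hypothetical labels)."""
    actions = []
    # Sensitive data: short period from submission, whatever the form-level rule.
    if today >= add_months(submitted, SHORT_MONTHS):
        actions.append("redact_sensitive")
    # Form-level rules count from the last change or workflow action.
    short_due = today >= add_months(last_actioned, SHORT_MONTHS)
    long_due = today >= add_months(last_actioned, LONG_MONTHS)
    if rule == "credit_application":
        if is_unsuccessful(workflow_values):
            if short_due:
                actions.append("destroy_form")
        elif long_due:
            actions += ["redact_personal", "archive_non_personal"]
    elif (rule == "misc_short" and short_due) or (rule == "misc_long" and long_due):
        actions.append("destroy_form")
    # "retain_indefinitely" (the default) triggers no form-level action.
    return actions

if __name__ == "__main__":
    # Constructed sample: an application withdrawn as a duplicate, checked three months on.
    print(due_actions("credit_application", ["Approved", "W/D Dup"],
                      date(2018, 1, 10), date(2018, 1, 31), date(2018, 4, 30)))
```
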

Encryption of sensitive personal data (new in release 6.8)

  • Sensitive personal data is now encrypted on the database for additional security in the event of a data breach
  • Encryption is automatically applied to all [PDS] fields, and fields marked SENSITIVE_DATA in special treatment
data_retention.txt · Last modified: 2018/07/18 20:08 by geelling