Data Retention Rules
Use data retention rules to comply with the Data Protection Act, etc by:
destroying unsuccessful loan and membership applications after a set time (default 3 months)
redacting personal data from successful applications after a set time (default 18 months)
archiving non-personal data from successful applications to allow trend analysis, etc
destroying data from all miscellaneous forms after a set time (default 3 months)
destroying credit and ID search results after a set time (default 3 months)
Data retention rules are set in three ways:
1. At system level you can set the retention periods to be applied:
Long retention period (months until successful applications are redacted and archived)
Short retention period (months until search results, unsuccessful applications and misc forms are destroyed)
2. At form level, you select the specific retention rules to apply to completed forms:
Credit application - redact, purge and archive
Misc form - purge without archive - short period
Misc form - purge without archive - long period
Retain indefinitely (default)
note: form level retention rules are applied based on the last time a form was changed or actioned in workflow, applications are treated as unsuccessful if ANY workflow field starts with Decline, Withdraw, W/D or Fail (eg Declined, Withdrawn, W/D Dup will all be included)
3. At field level, you can define which fields on application forms are treated as personal data
note: sensitive personal data is destroyed when the short retention period has passed from the date the customer submitted their form, not from the date of any credit or ID searches
Encryption of sensitive personal data (new in release 6.8)
Sensitive personal data is now encrypted on the database for additional security in the event of a data breach
Encryption is automatically applied to all [PDS] fields, and fields marked SENSITIVE_DATA in special treatment