data_retention
Differences
This shows you the differences between two versions of the page.
| Next revision | Previous revision | ||
|
data_retention [2016/05/01 11:01] geelling created |
data_retention [2018/07/18 20:08] (current) geelling |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | Data Retention Rules | + | **Data Retention Rules** |
| Use data retention rules to comply with the Data Protection Act, etc by: | Use data retention rules to comply with the Data Protection Act, etc by: | ||
| - | - destroying unsuccessful loan and membership applications after a set time (typically 3 months) | + | * destroying unsuccessful loan and membership applications after a set time (default 3 months) |
| - | - redacting personal data from successful applications after a set time (typically 18 months) | + | * redacting personal data from successful applications after a set time (default 18 months) |
| - | - archiving non-personal data from successful applications to allow trend analysis, etc | + | * archiving non-personal data from successful applications to allow trend analysis, etc |
| - | - destroying data from all miscellaneous forms after a set time (typically 3 months) | + | * destroying data from all miscellaneous forms after a set time (default 3 months) |
| + | * destroying credit and ID search results after a set time (default 3 months) | ||
| Data retention rules are set in three ways: | Data retention rules are set in three ways: | ||
| 1. At system level you can set the retention periods to be applied: | 1. At system level you can set the retention periods to be applied: | ||
| - | - Long retention period (months until successful applications are redacted and archived) | + | * Long retention period (months until successful applications are redacted and archived) |
| - | - Short retention period (months until unsuccessful applications and misc forms are destroyed) | + | * Short retention period (months until search results, unsuccessful applications and misc forms are destroyed) |
| 2. At form level, you select the specific retention rules to apply to completed forms: | 2. At form level, you select the specific retention rules to apply to completed forms: | ||
| - | - credit application - redact, purge and archive | + | * Credit application - redact, purge and archive |
| - | - misc form - purge without archive | + | * Misc form - purge without archive - short period |
| + | * Misc form - purge without archive - long period | ||
| + | * Retain indefinitely (default) | ||
| + | |||
| + | //note: form level retention rules are applied based on the last time a form was changed or actioned in workflow, applications are treated as unsuccessful if ANY workflow field __starts__ with Decline, Withdraw, W/D or Fail (eg Declined, Withdrawn, W/D Dup will all be included)// | ||
| 3. At field level, you can define which fields on application forms are treated as personal data | 3. At field level, you can define which fields on application forms are treated as personal data | ||
| - | - standard library fields marked [PD] are always treated as personal data | + | * [[special_treatment|standard library fields]] marked [PD] are always treated as personal data |
| - | - other fields are treated as personal data if PERSONAL_DATA is added to special treatment | + | * other fields are treated as personal data if PERSONAL_DATA is added to special treatment |
| + | * [[special_treatment|standard library fields]] marked [PDS] (eg search results) are treated as sensitive personal data and are always redacted after the short retention period has passed //regardless of the form-level rule applied// | ||
| + | * other fields are treated as sensitive personal data if SENSITIVE_DATA is added to special treatment | ||
| + | |||
| + | //note: sensitive personal data is destroyed when the short retention period has passed from the date the customer submitted their form, not from the date of any credit or ID searches// | ||
| - | 1. At system level you can set the number of months after which personal data is redacted data is destroyed | + | Encryption of sensitive personal data (new in release 6.8) |
| + | * Sensitive personal data is now encrypted on the database for additional security in the event of a data breach | ||
| + | * Encryption is automatically applied to all [PDS] fields, and fields marked SENSITIVE_DATA in special treatment | ||
data_retention.1462093298.txt.gz · Last modified: 2017/02/20 16:49 (external edit)
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
