The Litmos data security settings allow you to set data retention policies and data retention log policies for your organization. These settings help you comply with corporate data retention policies and laws in local jurisdictions, like the General Data Protection Regulation (GDPR) in the European Union.
The settings ensure that when there is no longer a reason for capturing and processing personally identifiable information (PII) and the retention period has expired, the PII data shall be irrecoverably erased.
How Does Data Security Work and How Do You Enable It?
By default, ‘Data Retention Policy’ is disabled. A user with Account Owner permissions will be able to enable it and define the data retention period. When enabled, PII data for qualified users will be purged after the retention period (qualified inactive user will be irreversibly deleted) on the 1st and 15th of each month in our scheduled purge runs.
This setting can be enabled at: Account > Data Security > Data Retention Policy Settings. Note: The minimum retention period is 1 month. The retention can be set in months or years.
Who Will Be Affected by Enabling Data Retention Policy?
Active users: Active users will not be affected by the data retention policy.
Deactivated users: Deactivated users will be affected by the data retention policy
-
Only personally identifiable data (PII data) of deactivated users who fall outside the org defined data retention window will be purged. In other words, the data in the user’s profile will be deleted, (however the user will remain in the system).
-
If an admin updated a user’s profile or updated their achievement that user will fall back on purge eligibility.
-
Personally identifiable data (PII data) includes all the user profile fields including, default fields, Legacy custom fields and Advanced custom fields.
-
The PII data purge job runs on 1st and 15th of every month Account Owners can set purge email reminders to be made aware of an upcoming purge.
Blocked users (NEW): Data retention policy does not affect blocked users.
-
A deactivated user can be blocked by Account owner from data purge in case of legal conflict for example.
-
Blocked users cannot be un-blocked under any circumstance (due to security reasons)
Who are Blocked Users?
“Personal data shall be blocked after its originally defined retention period has expired, but additional applicable extended and overruling (mandated by law) retention period is still in place.”
A deactivated user can be blocked to be protected from system purge in case of legal conflict for example. Only an Account owner is able to block a user from system purge and general view. A blocked user cannot be un-blocked (due to security reasons) and can only be deleted when the purpose of block is fulfilled.
How can an Account Owner block a deactivated user
When Data retention policy is Enabled there will be a sub-tab on the Account >Data security> Deactivated users. This tab will list all deactivated users, days until they will be purged, Access level and the Action ( block and delete) . Here the Account owners can choose to block a user by clicking on the ‘Block’.
Is There a Separate Log of the Data Security Setting Updates?
There will be new History log that will capture field level changes to the retention policy settings and data purge details. This log is only available for the Account owners under Account > Data security > History Logs. Account owners can also download all the data in a CSV
