Data Retention; Data Retention Rules and Processes added

A new Data Retention Process has been added. This is found under the Tools, Database, Data Retention menu.

Most Users like to keep data as long as possible, however, privacy, compliance and recent data breaches have highlighted that removing data that is no longer required is very important.

• Privacy normally dictates the data should be removed as soon as possible.
• However, compliance typically means that data needs to be keep to meet legal and regulatory requirements.

This new facility allows you to specify how long Credit Bureau (including Credit Enquiry, Bank Account Enquiry and Biometric Verification), Security Enquiry and Electronic Signature type Service Logs and related information are retained for.

Each Service Log may have "Related Service Logs", e.g. where there is a Parent/ Child relationship between them. For example, a Biometric Verification may have the original "Verify" Service Log followed by "Update" and "Download" Service Logs.

Each Service Log may also be linked to one or more Account, Account Application, Client, Security Statement, Security Item or User Log - these are the "Linked Logs". In addition, "Linked Logs" includes all Logs in a threaded conversation.

There are two types of Service Logs that are treated differently:

• Ad-hoc
• Where the Service Log, or any Related Service Log, is NOT linked to an Account, Account Application, Client, Security Statement, Security Item or User Log.
• For each type of Service Log, Data Retention Rules allow you to specify:
• The minimum period to retain information for.

• General
• Where the Service Log, or any Related Service Log, is linked to an Account, Account Application, Client, Security Statement, Security Item or User Log.
• For each type of Service Log, Data Retention Rules allow you to specify:
• The minimum period to retain information for.
• The period of time after all related Accounts and Account Applications have been Closed or are still a Quote or Open.
• If the Service Log is related to a Linked Account Log and:
• The Account's status is Quote, Open or Closed Pending.
• Or the Account was Closed with the period specified.
• If the Service Log is related to a Linked Account Application Log and:
• The Account Application's status is Incomplete, Reviewing or Complete.
• Or the Account Application was Accepted and any Account created with the period specified.
• The Account's status is Quote, Open or Closed Pending.
• Or the Account was Closed with the period specified.
• If the Service Log is related to a Linked Client Log and:
• If any Account related to the Client was created within 10 days of the Service Log and
• The Account's status is Quote, Open or Closed Pending.
• Or the Account was Closed with the period specified.
• If the Service Log is related to a Linked Security Statement or Security Item Log and:
• Any Account or Client is linked to the Security Statement as per the rules above.
• These rules are both applied, e.g. if minimum period is "3 Years" and after all related Accounts are closed is "90 Days", then the Service Log must be at least 3 years old and there can't have been a related Account or Account Application open within the last 90 days.

• What is deleted?
• When a Service Log is deleted:
• The Service Log and all Related Service Logs are deleted,
• All Linked Logs from all Related Service Logs are deleted.
• This includes all Linked Logs in a threaded conversation.
• All Files referenced in Linked Logs will be deleted, with the following exceptions:
• Where used as the Client Image
• Where used in a Client Identification

• Permission Keys:
• Note, unless running as an Administrator User you will need to allow the following Permission Keys.
• Menu.Tools.Database.DataRetention
• User can access the Tools, Database, DataRetention menu option.
• DataRetention.Adhoc
• User can run Data Retention Rules for ad-hoc Service Logs.
• System Basis is Deny
• Enforced at Business Layer
• DataRetention.General
• User can run Data Retention Rules for general Service Logs.
• System Basis is Deny
• Enforced at Business Layer
• DataRetention.Rules
• User can edit Data Retention Rules.
• System Basis is Deny
• Enforced at Business Layer

Note, failed and other short term Service Logs can be deleted via the Tools, Database, Database Purge facility.