Skip to main content

What is our data erasure policy to support the "Right to be forgotten"? (Art. 17 GDPR):



In line with European data regulations (GDPR) commits inSided to removal of all customer data, (including all personal data) of consumers upon termination or expiration of the service contract. The data removal policy and procedures tap into all relevant sectors of the inSided Platform across the architecture and application layers. The following sectors are manipulated to make sure all customer data is safely and thoroughly removed.



Sectors:


  • Git repository, builds and backups
  • Static File Delivery Storage (AWS Cloudfront and S3)
  • Databases on all development instances and release stages, including local environments (DTAP)
  • Offsite backups related to Disaster Recovery Plan (DCP)
  • SSL domain certificates
  • DNS records (AWS Route 53)
  • Load balancing instances and logs (AWS Elastic Load Balancing (ELB))
  • API key/secrets for all environments
  • Configuration settings
  • Event store
  • Technical analysis and consultancy exports
  • Search indexes

User anonymization process:

Steps taken to anonymize a community user:


  1. Community manager or admin can login to inSided backend application "Control";
  2. Within user management, he or she can find and select the user;
  3. By choosing and verifying wanting to anonymize the user, the following steps are automatically executed:
  4. Username is anonymized
  5. IP addresses known for user events are anonymized
  6. Email address is anonymized
  7. SSO identifier is anonymized
  8. Profile field values are deleted
  9. Private messages are deleted
  10. The steps described in point #3 are performed on the production databases, and will be effective in all hot and cold backups (i.e. off-site) within 7 days after execution;
  11. User is now fully anonymized, meaning no personal data is available anymore, nor in the system nor in any backup - the user record can no longer be retrieved.
  12. Erased users will come up as ‘Anonymous’ on the platform, their content will be left intact to avoid damage to the community - but the attached user record is now Anonymized.

I am sorry but this isn´t fully true:

 

  • User is now fully anonymized, meaning no personal data is available anymore, nor in the system nor in any backup - the user record can no longer be retrieved.
  • Erased users will come up as ‘Anonymous’ on the platform, their content will be left intact to avoid damage to the community - but the attached user record is now Anonymized.

Imagine following, this is potential usecase for me:

You have user who have been a member for a years. Posted over 6000 posts. There are maybe thousands @mentions in the community where the user is mentioned. Sometimes @mention is in the post itself, sometimes it is in the quote “@user wrote:”.

When that user wants profile deleted, it will be deleted and personal data is no available anymore. Posts are anonymized. Yes.

But. There is big but.

All the @mentions aren´t anonymized. When it is in the quote (“@user wrote:”), it will remain there. And there might be thousands of them out there. Thousands.

I think there isnt any workarounds for this, as a admin or CM you have to manually find and edit them. How long it takes, weeks, months?

Okay, editing them manually is a problem by itself. But, there is other problem as well.

When you search user by using platforms search feature, it displays only the topics where the user is mentioned or posted. If the topic is long, several pages or even dozens of pages long, it takes lots of time to find the posts what to edit. Arrggghhhh.

--

My question for the inSided is:

Is this really the way you want us to do in these kind of situations? Or is this something you havent thought at all?

I didnt add the point when that user is mentioned in the post but without @mention. They arent anonymized either, but I didnt say anything about that because it is our moderators job to add @mention every time when the user is mentioned, if users doesn´t add it by themselves.

But what comes to my question and usecase above, we used Khoros platform before this current solution inSided. Khoros platform anonymize automatically all the @mentions, no matter where they are added (post, or in in the quote).

I think this should be behaviour with inSided platform as well.

Other customers, what are your thoughts?

It is difficult to imagine that this is problem just for me 😀

Once more, ping @Frank & @Alistair FIeld & @Sebastian 😉

There’s an idea by @bjoern_schulze about this:
 


 

There’s an idea by @bjoern_schulze about this:
 

And yes, we find this as a problem as well.

Thanks sharing this. I have to say I didnt remember this, I have already votes this months back ?

 

I’ve also posted an idea closely related to this:
 

 

I think this isnt issue for me but only when the anonymization is complete. Now it isn´t.

Generally speaking, I am not fan of users can delete their messages. There are people out there who deletes their posts after they got the answer. Or they write something when they are angry and later on they delete or edit the comment, “I was just joking here...”.

There’s an idea by @bjoern_schulze about this:
 

And yes, we find this as a problem as well.

Thanks sharing this. I have to say I didnt remember this, I have already votes this months back ?

 

I’ve also posted an idea closely related to this:
 

 

I think this isnt issue for me but only when the anonymization is complete. Now it isn´t.

Generally speaking, I am not fan of users can delete their messages. There are people out there who deletes their posts after they got the answer. Or they write something when they are angry and later on they delete or edit the comment, “I was just joking here...”.

Deleting messages is a very controversial thing and purely from community point of view I dislike it as well, but in privacy sense it makes sense.

Reply


Terms & ConditionsCookie settings