Managing personal information in accordance with PI laws
As an administrator, you might experience users asking that their personal information (PI) be erased or corrected in accordance with local and international PI laws, for example the EU General Data Protection Regulation (GDPR). This section describes the most common scenarios that you might encounter and the actions that you need to take to satisfy the user requests.
Let’s say that a user who has left the company, for example, Carla Smith, requests to have her personal information erased. Most scenarios involve your changing the user’s name and email address so that they no longer reveal the user's identity. "Carla Smith" would become, for example, "Former Employee57" and her email address "formerempl57@organization name.com," depending on what system of pseudonymised names and addresses your organization decides on. Your organization should keep accurate records of these changes to avoid confusion should you have future dealings with the same users.
HCL Connections provides a services asset to simplify the handling of GDPR requests such as the right to access and erasure of data. Refer to HCL Data Privacy Toolkit for more information.
- Managing user requests to erase PI
Here are four scenarios that you might encounter if a user requests that their personal information (PI) be erased from Connections content. In all, the user's "right to erasure" is accomplished by changing the user's name and email address to ones that can no longer identify them, a process known as "pseudonymisation."
- Deleting or correcting user PI
If a user who has left the organization wants to make sure that their personal information (PI), for example, their social security number, is removed or corrected in all content sources, they can ask the organization to find the occurrences in blogs, wikis, and so on, and to remove or change the text.
Parent topic:Managing access