Implementing Contact data retention and deletion
Requester data retention controls how long contact information provided by the requester should be held for, and Requester data deletion determines when it should be deleted if it is going to be deleted. Every customer, especially those subject to GDPR and similar PII privacy policies, should review this functionality and decide whether it should be implemented for their particular organisation, and how it should operate if used.
RefTracker allows for client contact data to be:
– retained indefinitely (as is usual in organisations with a closed audience, such as special libraries)
– retained indefinitely unless the client specifically requests that their contact data be removed via an option in the client interface, or via a personal approach to your staff
– retained according to the wishes of the requester, as selected in a “Remove contact details after close” field that you can insert in your request form/s (or added automatically)
– any of the above options, combined with an automatic deletion process that occurs after a specified period of time for all closed requests
These policies are implemented using Parameter 6.12, 6.13, the “Remove contact details after close” field, and the ”Erase client data” background process, with the contact data that is deleted being adjustable to meet your applicable policies.
6.12 Requester data retention model – This is where you choose how your organisation will apply the requester data retention policies.
Options are: Presumed (default), Requester discretion, and Requester specified. See below for information about how to choose the policy to set here.
6.13 Erase data after – This is where you set how long after a request is closed, before it should be marked for requester data removal, if the requester data is not to be retained for this request (which means that this parameter is only applicable, and you only have to set it, if you set parameter 6.12 to Requester specified”). Default is 14 days but you can choose however long you think is appropriate in your organisation to provide a balance between removing the data promptly, and retaining it so the request can be reopened if the requester wants to do that.
The ”Remove contact details after close” field can be optionally included in your requests form(s) to allow clients to indicate how they want their contact data handled. Options are “Yes”, or “No”, selected via tick box.
The ”Erase client data” background process runs automatically and will remove the client contact details from all records that are set for deletion according to your setting of parameter 6.12 and 6.13 and the clients choice at “Remove contact details after close” if that is in use for the request. Removing client contact details means removing the data from applicable PII fields, removing that information from the History records, and removing copies of emails that might contain that data. When data is erased by this process, a history entry records that the data has been removed.
Impact of using these contact data retention policies
When contact data is removed by these Contact data deletion policies after the request is closed, the basic identifiable client contact details like name, email address, phone etc., are removed from the record of that request.
When implementing these policies please consider that removing this data means:
– The request will no longer be able to be found when searching for any of these client contact details. This means that staff will no longer be able to see these previous client requests when searching for requests by contact details (such as when looking for how many services have been provided to this user), and clients will no longer see the request in their My requests client interface screen. This may well mean that you will want parameter 6.13 to be longer than the default 14 days and it should certainly be at least as long as parameter 6.30 (the period for which end users can see their previous requests) if you use that function.
– The contact data will no longer be available for use by the Contact lookups function. Select a longer period for parameter 6.13 if you want the contact details to be able to be reused by the Contacts lookups function.
How to set up your contact data retention policies:
Your contact data retention policies are set using parameter 6.12, where the possible values are Presumed, Requester discretion, and Requester specified. Parameter 6.12 works in association with the ”Remove contact details after close” field that can be optionally included in Request forms, or automatically inserted.
Make your selection at Parameter 6.12 based on the following information:
Presumed: This option presumes that the client/requester does not have to give permission to retain their data – such as where only in-house requesters are being serviced by a corporate library.
This option means that Requester data is never to be deleted (except that your organisation can choose to use the Delete requester data background process to have it deleted in bulk, for all closed requests, after a specific period has elapsed from when the request was closed).
The requester does NOT have an option in the requester interface to ask for their requester contact details to be removed, as that “Delete my details from this request. . .” option is removed from the client interface by this parameter choice.
The value for “Remove contact details after close” will be set to “No”. However, it is possible to include the “Remove contact details after close” field in your Request form/s, so that the end user has an opportunity to specify that their contact details should be removed, but this would be highly unusual.
Requester discretion: When you choose this option, permission to retain the Contact data is implied by the requester completing the form. You can have them specifically confirm this via a general conditions agreement in the form (you might like to use the “Privacy acceptance” request form field to do that).
When you choose this option the Client interface will provide an option that allows the requester to select deletion of their requester contact details.
The value for “Remove contact details after close” will be set to “No”. However, it is possible to include the “Remove contact details after close” field in your Request form/s, so that the end user has an opportunity to specify that their contact details should be removed. Using the “Remove contact details after close” field in your form/s is optional, but more likely when using this option, so that users can choose, as they enter their request, how their Contact details should be handled.
Requester specified: If you choose this option, Requester contact details will be deleted by the next run of the “Erase client data” background process, parameter 6.13 days after the request is closed, if the requester has not given their permission to have their data kept via the “Remove contact details after close” field.
The ”Remove contact details after close” field must be included in all your request forms, so it is automatically added to the end of any form you have not already added it to.
This option makes it obvious to the requester that they control what happens to their data. The value for “Remove contact details after close” will be set according to the requester’s choice for it in the Request form they completed – “Yes” or “No” (where “remove on close” means parameter 6.13 days after close of the request).
Including the “Remove contact details after close” field in your forms
“Remove contact details after close” can be included in any Request form, however, when Parameter 6.12 is set to “Requester specified” it must be included in all your forms so that requesters have a way to indicate how they want their data handled.
You can insert this field anywhere in any request form (to control the position it appears in your Request forms, or to add a note, or change the label), irrespective of the value you select at Parameter 6.12.
However, if parameter 6.12 is set to “Requester specified” and you have not inserted the “Remove contact details after close” field in the form being used, the field will be automatically added at display time (in order to meet the requirement for mandatory collection of this information when parameter 6.12 is set to “Requester specified”).
When you insert this field in your form we recommend that you add information about what the impact of the client’s selection in this field means, for example:
Data collected in the “Remove contact details after close” field will be displayed in the Requester data section of the Details tab. It is recorded and displayed in the Details tab, for ALL requests, whether the “Remove contact details after close” field has been included in the form, or not, as this information is needed for the “Erased client data” background process.
Possible values for this “Remove contact details after close” field are:
Yes, No (where removal will be according to parameter 6.13).
Important implementation hint: Which forms do you need to add the “Remove contact details after close” field to, in order to allow end users to indicate their contact details retention preference?
It is important that every customer reviews parameter 6.12and the “Remove contact details after close” field information provided above, and sets them to meet the PII privacy needs of their organisation, as described above.
It is even more important that you review this if you going to use Contacts Lookup!
For more information about inserting this field in your request forms see the Privacy and request forms help page.
How to set up your contact data deletion policies:
Contact data is removed from a request the next time the “Erase client data” background task runs, when:
– The “Erase client data” parameters specify that contact details should be automatically removed for all requests that have been closed for more than a period specified in its parameters. or
– The “Remove contact details after close” field in that request is set to “Yes” (ticked) and the time period specified in parameter 6.13 has expired. This will happen if:
. The end user has used the client interface function that allows them to request their client contact details to be removed. This function is made available if parameter 6.12 is set to “Requester discretion” or “Requester specified”. or
. The end user has chosen “Remove on close” where the “Remove contact details after close” field is included in that form, or it is built into the form as a hidden field. or
. A staff member has ticked the “Remove contact details after close” box as a result of a request from the client to do so. Staff can do this using the Change or QA review screens. If the “Remove contact details after close” field is not showing in the Request form itself, it can be found in the Requester section of the “Other fields” division of these screens.
When “Erase client data” runs it does all of the following:”
– deletes the data in all PII Contact information fields in the Requester data table (as determined by your “Erase client data” background process set up), and replaces those fields with “Erased” where ever they appear in the History. Examples of fields that will be erased in this way, if they contain data, include:
Address Lines 1 & 2, City, Country, Requester email, IP address, Personal title, Requester mobile #, Requester name, Requester name 2, Requester #, Requester phone #, Region, Skype name, Requester zip/postcode, etc.
– removes all copies of emails from the History as they might contain Contact information, but retains the information about the email having been sent (with a note “Erased”).
– creates a History entry to record that the “Erase requester data process” has been used on this request.
For full details about the Erase client data background process click here.
