Hi all,
We are a nonprofit in Connecticut. We had an email request come in recently asking for us to delete their information under the Connecticut Data Privacy law. As a nonprofit, we are exempt from the law, but I processed the request anyway, as a show of good faith. This got me thinking about best practices, documentation, and so forth.
In such cases, what are your org's best practices? Is there a check and balance on purge scheduling/running? Is there documentation before and/or after? I'm curious what y'all have in place.
We also only purge if there is a request to do so. A customer will usually email one of our teams and those teams then submit a Mojo ticket request for us. In our ticketing portal we assign a specific tag to that ticket to keep track of all purge requests.