Hi all,
We are a nonprofit in Connecticut. We had an email request come in recently asking for us to delete their information under the Connecticut Data Privacy law. As a nonprofit, we are exempt from the law, but I processed the request anyway, as a show of good faith. This got me thinking about best practices, documentation, and so forth.
In such cases, what are your org's best practices? Is there a check and balance on purge scheduling/running? Is there documentation before and/or after? I'm curious what y'all have in place.
Kia ora Nathanael. We purge records in 2 instances - one, as everyone has said, upon a request from a customer & secondly, around accounts created during guest check out, if the customer doesn't complete the sale. We feel that if someone enters their details into TNEW & then doesn't complete the transaction, they would have a reasonable expectation that we would not be keeping their data - so it's a weekly maintenance job for me. I identify the records created during a partial guest check out & then purge them. No other documentation completed each week - just the weekly maintenance process documented.