Data retention policies are used to determine when records are anonymised and when attachments are deleted. Each workflow process has its own data retention policy.
A scheduled data retention job runs each night and sets the anonymisation dates for any records that have been placed in end states and any attachments that have been added since it last ran.
The Data retention option in the explorer displays a list of all the data retention policies in the system.
Item | Details |
Enabled | Determines if the data retention rules are enabled for the workflow |
Default retention period | The number of months after a record enters an end state that they will be anonymised |
Default file retention period | The number of months a file will be retained in the system before it is deleted |
Set retention periods per state | Allows different retention periods to be set for each end state independently if required |
Set retention periods per file type | Allows different retention periods to be set for each file type independently if required |
Once a retention policy has been updated the system displays the Publish changes banner.
If records have anonymisation dates set and the policy is then updated then all records will have their dates re-calculated based on the new updated policy.
Each record type that is associated with a data retention policy has a number of standard fields that are used to manage the anonymisation process.
Item | Details |
DP anonymised | True if the record has been anonymised. Set automatically by the overnight scheduled job |
DP anonymised date | Date the record was anonymised. Set automatically by the overnight scheduled job |
DP will be anonymised | True if the record is due to be anonymised in the future. Set automatically by the overnight scheduled job |
DP anonymisation date | Date the record will be anonymised in the future. Set automatically by the overnight scheduled job |
DP days until anonymisation | Number of days before the record will be anonymised. Set automatically by the overnight scheduled job |
DP anonymisation requested | True if the record has been set to be anonymised by a user |
DP anonymisation request reason | The reason entered for why the record is being anonymised |
DP anonymisation request date | The date the record was marked to be anonymised |
DP anonymisation request due date | The date the record has been set to be anonymised on |
Person and Case records have a number of additional standard data protection fields that are used to stop a record being anonymised automatically.
Item | Details |
DP legal hold | Set if the case needs to put on hold due to an ongoing legal process |
DP legal hold reason | Reason the case has been put on legal hold |
DP legal hold date | Date the case was put on legal hold. Set automatically by the system |
DP legal hold review date | Date the legal hold should be reviewed |
DP restrict processing | Set if the applicant requests this under their ‘right to restrict processing’ |
DP restrict processing reason | Reason the case is marked for restricting processing |
DP restrict processing date | Date the case was set to restrict processing. Set automatically by the system |
DP restrict processing review date | Date the restriction should be reviewed |
The data retention functionality includes a number of rules to ensure data integrity and that records are updated appropriately if they have been marked to be anonymised:
- Records cannot be set to anonymised if they are not in an end state
- Records cannot be changed from an end state to a non-end state if Request anonymisation of this record has been set.
- A Public portal account record cannot be anonymised if it is linked to a Person record
- An applicant cannot log in using their Public portal account if it has been manually set to be anonymised by a user in the back office
- If a Public portal account has been marked to be anonymised by the data retention policy and the applicant logs in then the anonymisation date will be removed