Updated: 8 months ago
A Data Retention policy gives a school guidance on what data should be stored or archived, where that should happen, and for exactly how long. The IT department of each EnrolHQ school is responsible for determining what that policy should be.
As the enrolments process spans multiple years and collects a significant amount of personally identifiable information (PII) about each applicant and their family, data retention policies are an important consideration for all users of EnrolHQ.
Personally identifiable information (PII) is any information connected to a specific individual that can be used to uncover that individual's identity. Examples include their residential address, medicare number, birth certificate, full name, phone number and email address.
Non-sensitive PII, like a person's full name, telephone number, or email address, is classified as information that should not cause significant harm to the user if leaked individually. EnrolHQ takes measures to protect this information because malicious actors could potentially use multiple pieces of non-sensitive PII to cause harm, the most common being identity theft scenarios.
In contrast, sensitive PII includes data that, if leaked or stolen, could cause significant harm to the user. Examples of sensitive PII include a copy of a drivers licence or passport or detailed medical records. Data privacy laws require organisations like TeamHQ to put in security measures to safeguard all PII, whether sensitive or non-sensitive.
The distinction between sensitive and non-sensitive PII can also depend on context. For instance, a full name on its own may be non-sensitive, but if combined with other information, it could become sensitive. An example is where a student’s name by itself is non-sensitive, but finding that name on a list of students classified with specific medical conditions makes it sensitive.
In the context of data retention, we also need to discuss the different types of deletion. The terms "hard delete" and "soft delete" refer to different approaches in handling the removal of data from any system.
Soft Delete:
Hard Delete:
Please refer to our Security White Paper for more information.
Trash Status
This status allows you to move profiles that you wish to soft delete. It could include profiles that have not proceeded or profiles that have been synced to your SIS and have since moved to community status.
Filter on how long a profile has stayed in a particular status
We have a filter that allows you to run a report on profiles that are stale or that have been in trash for a set period. It will work for all Status’ but is primarily used for those profiles in the Trash as your policy will often set rules for a Hard Delete after a certain period (the default is 180 days).
Contacts > All Prospective > Show More
Scenario: You move a record to Trash status (soft delete) and have 180 days to recover that record. After 180 days in the status of Trash, (and if Trash Auto-delete is enabled) the profile and associated documents / information is Hard Deleted from the EnrolHQ servers. If you change the status of the profile and then put it back into Trash, the count will reset.
Trash Auto-delete setting
To automate the Hard Deletion of profiles, we offer a Hard Delete setting under Settings > System > Data Retention Policy
Delete Medical and Abilities Data Only
If you want to keep a light profile inside EnrolHQ including non-sensitive information (name, address, phone numbers) and delete only the medical and learning abilities, go to the Medical Tab and select 'Delete Medical and Abilites Data' found against each profile or in the Bulk Actions menu. This allows you to select the documents you want to Hard Delete. These will be removed and will not be able to be retrieved.
Delete all Documents
If you want to keep a light profile inside EnrolHQ including non-sensitive information (name, address, phone numbers) and delete all the sensitive information (document uploads, medical and learning abilities) go to the Documents tab and select 'Delete all documents' found against each profile or in the Bulk Actions menu. This allows you to select the documents you want to Hard Delete. These will be removed and will not be able to be retrieved.
Bulk Actions
Both the 'Delete All Documents' and the 'Delete Medical and Abilities' tasks are available as Bulk Actions so you can assign to more than one profile at once.
Conclusion
To summarise, you can use the Trash Status to Hard Delete full profiles and set an automation to do that after a certain number of days in that status. You can also use the Delete buttons to Hard Delete Documents and Medical and Abilities data but keep your profiles inside the system.