Data Retention and EnrolHQ

Updated: 2 months, 3 weeks ago

A Data Retention policy gives a school guidance on what data should be stored or archived, where that should happen, and for exactly how long. The IT department of each EnrolHQ school is responsible for determining what that policy should be.
As the enrolments process spans multiple years and collects a significant amount of personally identifiable information (PII) about each applicant and their family, data retention policies are an important consideration for all users of EnrolHQ.

What is personally identifiable information?

Personally identifiable information (PII) is any information connected to a specific individual that can be used to uncover that individual's identity. Examples include their residential address, Medicare number, birth certificate, full name, phone number and email address.

Sensitive PII vs. non-sensitive PII

Non-sensitive PII, like a person's full name, telephone number, or email address, is classified as information that should not cause significant harm to the user if leaked individually. EnrolHQ takes measures to protect this information because malicious actors could potentially combine multiple pieces of non-sensitive PII to cause harm, most commonly through identity theft.

In contrast, sensitive PII includes data that, if leaked or stolen, could cause significant harm to the user. Examples of sensitive PII include a copy of a driver's licence or passport, or detailed medical records. Data privacy laws require organisations like TeamHQ to put security measures in place to safeguard all PII, whether sensitive or non-sensitive.

The distinction between sensitive and non-sensitive PII can also depend on context. For instance, a full name on its own may be non-sensitive, but if combined with other information, it could become sensitive. An example is where a student’s name by itself is non-sensitive, but finding that name on a list of students classified with specific medical conditions makes it sensitive.

Soft Delete vs Hard Delete

In the context of data retention, we also need to discuss the different types of deletion. The terms "hard delete" and "soft delete" refer to different approaches in handling the removal of data from any system.

Soft Delete:

  • Soft delete involves marking data as deleted without actually removing it from the database.
  • The data is typically flagged or labelled as "deleted" but remains in the system.
  • Soft deleted data can often be recovered or restored easily because it has not been permanently eliminated.
  • This approach is useful for scenarios where accidental deletions may occur or when a temporary removal is needed, such as in a recycling bin.

Hard Delete:

  • Hard delete involves the permanent removal of data from the system.
  • The data is irreversibly deleted from the database, and there is usually no way to recover it.
  • This approach is more suitable when there is a need to comply with data privacy regulations or when maintaining data storage efficiency is crucial.
  • Hard delete ensures that the data is completely expunged and cannot be retrieved, providing a more secure way to dispose of sensitive information.

Data Security of EnrolHQ

Please refer to our Security White Paper for more information.

EnrolHQ Tools to help you manage your Data Retention Policy

Trash Status

This status allows you to move profiles that you wish to soft delete. It could include profiles that have not proceeded or profiles that have been synced to your SIS and have since moved to community status.

Filter on how long a profile has stayed in a particular status

We have a filter that allows you to run a report on profiles that are stale or that have been in Trash for a set period. It works for all statuses but is primarily used for profiles in the Trash, as your policy will often set rules for a Hard Delete after a certain period (the default is 180 days).


Contacts > All Prospective > Show More

Scenario: You move a record to Trash status (soft delete) and have 180 days to recover that record. After 180 days in Trash status (and if Trash Auto-delete is enabled), the profile and its associated documents and information are Hard Deleted from the EnrolHQ servers. If you change the status of the profile and then put it back into Trash, the count will reset.
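
A minimal model of the Trash scenario above, added here as an illustration: it is not EnrolHQ's code, and the table names, column names and sample profiles are assumptions. It shows that a soft delete is only a status change, that the 180-day count runs from the most recent status change, and that the hard delete removes the associated documents as well.

```python
import sqlite3
from datetime import datetime, timedelta

TRASH_RETENTION_DAYS = 180  # default period stated on this page

def open_db():
    # Hypothetical schema for illustration only.
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")  # needed for ON DELETE CASCADE
    db.executescript("""
        CREATE TABLE profiles (id INTEGER PRIMARY KEY, name TEXT,
                               status TEXT, status_since TEXT);
        CREATE TABLE documents (id INTEGER PRIMARY KEY, filename TEXT,
            profile_id INTEGER REFERENCES profiles(id) ON DELETE CASCADE);
    """)
    return db

def set_status(db, profile_id, status, now):
    # Soft delete is a status change to 'Trash'; the data stays in the database.
    # Every status change restamps status_since, which resets the 180-day count.
    db.execute("UPDATE profiles SET status = ?, status_since = ? WHERE id = ?",
               (status, now.isoformat(), profile_id))

def purge_trash(db, now, auto_delete_enabled=True):
    # Hard delete: rows are removed and the cascade removes their documents.
    if not auto_delete_enabled:
        return []
    cutoff = (now - timedelta(days=TRASH_RETENTION_DAYS)).isoformat()
    ids = [r[0] for r in db.execute(
        "SELECT id FROM profiles WHERE status = 'Trash' AND status_since <= ?",
        (cutoff,))]
    db.executemany("DELETE FROM profiles WHERE id = ?", [(i,) for i in ids])
    return ids

def demo():
    db = open_db()
    t0 = datetime(2024, 1, 1)  # constructed sample data
    for pid, name in [(1, "Constructed Applicant A"), (2, "Constructed Applicant B")]:
        db.execute("INSERT INTO profiles VALUES (?, ?, 'Enquiry', ?)",
                   (pid, name, t0.isoformat()))
        db.execute("INSERT INTO documents (filename, profile_id) VALUES (?, ?)",
                   ("passport.pdf", pid))
        set_status(db, pid, "Trash", t0)
    # Profile 2 is restored on day 100 and trashed again: its count restarts.
    set_status(db, 2, "Enquiry", t0 + timedelta(days=100))
    set_status(db, 2, "Trash", t0 + timedelta(days=100))
    purged = purge_trash(db, t0 + timedelta(days=180))
    docs_left = db.execute("SELECT COUNT(*) FROM documents").fetchone()[0]
    return purged, docs_left
```
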

Trash Auto-delete setting

To automate the Hard Deletion of profiles, we offer a Hard Delete setting under Settings > System > Data Retention Policy.

Delete Medical and Abilities Data Only

If you want to keep a light profile inside EnrolHQ including non-sensitive information (name, address, phone numbers) and delete only the medical and learning abilities data, go to the Medical tab and select 'Delete Medical and Abilities Data', found against each profile or in the Bulk Actions menu. This allows you to select the documents you want to Hard Delete. These will be removed and cannot be retrieved.

Delete all Documents

If you want to keep a light profile inside EnrolHQ including non-sensitive information (name, address, phone numbers) and delete all the sensitive information (document uploads, medical and learning abilities), go to the Documents tab and select 'Delete all documents', found against each profile or in the Bulk Actions menu. This allows you to select the documents you want to Hard Delete. These will be removed and cannot be retrieved.

Bulk Actions

Both the 'Delete All Documents' and the 'Delete Medical and Abilities' tasks are available as Bulk Actions, so you can apply them to more than one profile at once.

Conclusion

To summarise, you can use the Trash Status to Hard Delete full profiles and set an automation to do that after a certain number of days in that status. You can also use the Delete buttons to Hard Delete Documents and Medical and Abilities data but keep your profiles inside the system.