Post
by Kath » Mon Apr 16, 2018 10:59 am
I was able to talk to someone in my company who has a better handle on this. Apparently, I was assigned to someone who doesn't understand this requirement. Lol... sometimes....
Companies are allowed to keep PII if this data is needed to maintain corporate operations. Employee records, payroll records, etc., can all be kept for the legal length of time. What has to be purged is employee data that has no valid reason to be stored.
So, not as ominous as it sounded at first.
What I have to do;
1. Develop and implement a record retention policy
2. Identify data records that contain PII that isn't needed once the employee leaves - example, employee requests to IT, facilities, etc. (ex: "Please give me access to the XYZ system.)
3. Develop a method to easily process a request from a former employee, showing which data of theirs we are storing.
A former employee can not call up a company and demand that the security tapes showing them stealing from the company be destroyed, but if they ordered office supplies "x" years ago, they can demand that those identifier fields be updated to show anonymous.
Why are all the Gods such vicious cunts? Where's the God of tits and wine?