Вы находитесь на странице: 1из 12

Legend Redaction Process.

Introduction

The Legend system has been amended to cater for the ‘right to be forgotten’ requirements of the
General Data Protection Regulations (GDPR) which come into effect on the 25th May 2018 for the UK
and the EEA.

The Legend Redaction process redacts the personal data in Legend whilst retaining the records
within the system. This means you will still be able to see management reports with member
numbers and transaction records but the personal information will not be available.

If you were to search for a redacted member by name - the record would not be found.

If you were to search for a redacted member by member number – the record would be found but
the personal data would not be available to see.

In terms of GDPR the personal data is no longer in the database.

If you wish – the redacted data can be stored in a separate data file which you can secure as you
wish. Doing this would enable you to find a member number for a person after redaction provided
you had the credentials to access the file. If you do not wish to store such details there will no longer
be a process to identify a member name to a member number after a record has been redacted.

The redaction process allows you to set up redaction rules based on your data retention policy. This
could be a time period after a member has lapsed (for example 2 years) or members of a whole club
(for example if you close a club).

Members can also be redacted if they make an express request to be forgotten. Note that you will
need to implement your own approval criteria for such requests. For example you should consider
whether the member has an outstanding debt or has had a disciplinary sanction at any time in the
past. The member must have a status of lapsed.

The redaction process runs on an overnight basis. Once run Legend will have access to backups for a
redacted member for 7 days only. After this period the redacted data will be removed from the
backups.

You should also note that redaction only processes personal data in the Legend database. Should
you have any data in external systems or written records these will need their own redaction
processes.

The Legend Redaction configuration is set up within the CRM Module.

The following security tokens are used in the redaction process


Legend Redaction Process – Flowchart of events

The following table provides a summary of the sequence of events in the redaction process. The
stages are explained in more detail in the following pages.

Stage Task Notes


1 Configure redaction rules Members who have been lapsed > nn months
Members who have requested to be forgotten
Clubs closed for nn months
2 Overnight redaction takes Automatic processing by Legend
place Uses redaction rules to determine redaction
Clears personal data in Legend
Places name, member no, postcode in holding table
3 Export the redacted Moves holding data to external file
member details from Removes data from holding file in Legend
holding table to external Takes place nn days after overnight redaction
file (optional) All redacted personal data now out of
4 Purge the member details Purges the external file
from the legend database No redacted data available in Legend
5 Legend backups Held for 7 days – after this no recovery of redacted data
Future Actions
6 Request to find a redacted Direct search including redacted members
member - Member
number known
7 Request to find a redacted Examine external file to identify member no from name
member - Member Direct search including redacted members
number not known
Stage 1. Configuration of Redaction Rules

The configuration of the rules around redaction of members is now available as an option within
CRM. Within the CRM module navigate to Configuration and select Contact Archive Tasks.

There are a number of settings on which you can determine whether and when a member's
information will be redacted. These are as follows:

 Redact the member a certain time period after being lapsed


 Redact the member's information a certain time after a club has closed
 The member record has been marked as ‘Forget member’ as a result of the member making
an express wish to be forgotten and having passed the approval process.

There is also the ability to select which locations the redaction routines are run against so new clubs
are not automatically included in the location scope.

To configure Redaction rules

Navigate to CRM > Configuration > Contact Archiving. Select ‘Contact Archive Tasks’

Select New Redaction Task

 Archive Job Type dropdown will contain a list of types – select Redaction.
 Enter a Description to distinguish between different Tasks
 Archive Task Rule will contain the only rule in place (Contact Redaction)
 At the bottom of the screen - Select the locations that this rule will apply at
 When save is pressed you will get the filters associated with the selected Rule. These are
displayed below
Below is the same screen but with values set against the filters. To change the values just
delete/type over the values set.

Typical filters illustrated above are:

 Club has got to be closed (marked as inactive) for 12 months


 Members are Lapsed/Cancelled for a minimum of 24 months
 The Redaction will only take effect at York and Liverpool (restriction will only take place at
ticked locations)
 Contact has requested to be forgotten is set to 0 (false) which means it will not be executed.
To set this to be active change the value to 1 (positive)

Once you have configured your options with the time periods for your data retention policy, click
‘Save’ and the configuration is now complete

What to do with a member who requests to be forgotten

To be able to use this functionality you will need the new security token:

DPA_CAN_SET_RIGHTTOBEFORGOTTON (token available to Admin user groups only)

Once you have access to the above token, Open MM and select a member who is lapsed or
terminated. Open the Special navigation section in the side bar. You will notice there is now a new
link called ‘Data Protection -Forget Member’.

The link should be active (if you have the security token) and clicking it should mark the member as
‘to be forgotten’ in the db. The link will now change to ‘Unforget Member’.
Note that you will then need to re-enter your credentials to confirm this selection as an additional
security measure. Also that legend has no additional validation process – staff will be responsible for
ensuring that internal processes to approve the right to be forgotten are followed.

The screen below shows a member in MM. On the bottom left of the screen is the option to ‘Forget
member’ which can be used when a member asks specifically to be forgotten.
Once you have entered your details and clicked ‘OK’, this means the member is now eligible to be
redacted when the redaction process runs next.

Your redaction rule for members to be redacted when the forget member flag is set would be:

Set the contact has requested to be forgotten to 1 which means it will be executed.

Stage 2. The overnight data redaction process.

An overnight process will identify members that are selected for redaction through matching the
data redaction rules. Once selected the following actions will take place on the member, contact and
prospect records:

 The first name and last name will be changed to ‘Redacted’ and ‘Member’.
 The email will be changed to archived.member@none.com
 The address, occupation, ethnic origin, medical information, communication preferences,
goals, interests and telephone numbers will be replaced with null values
 The date of birth can optionally be set to a database default value
 The photograph and notes will be deleted
 The bank sort code and account number and where used BIC and IBAN will be asterisked to
mask part of the number

The redacted data will be written into a ‘holding’ table within Legend pending the final stage of
redaction.
Contact Archive Search

Once the redaction routine has been run the details are held within Legend within a holding file
pending export to an external file. Should you wish to locate a member in the holding file you can
use the Contact Archive Search Function.

To access this navigate to Contact Archiving>Contact Archive Search. Select the search criteria you
wish to use from Member Number, Surname or Postcode

Stage 3 Export the redacted records to an external file (optional)

Having redacted the members you now need to complete the removal from the legend database.

Navigate to Contact Archiving>Contact Archive Export. You have two choices.

1. To export the redacted details to an external file.


2. To purge the holding file so the details no longer exist in the Legend database

Choose to show all redacted but unexported or all records regardless of exported or not.
To Export the files select the ‘export’ button where you will be asked to reauthenticate

After authenticating you will be asked for a location to generate the file – select an existing file to
append to the contents.
Click Save to complete the process – a box will display in the bottom right of the screen.

Remember you are responsible for the security of this file as it is now outside of the Legend
database. Legend recommends that the file is named to easily identify the file and password
protected to restrict access. It should also be stored or located in a secure area of your
infrastructure.

If you feel that you may need to locate a member number from a name at some time in the future
you will need to export your redacted data to a holding file.

If you do not export to a holding file there is no way to identify a member number from a name for a
redacted member.

If you were to look at the exported file you would see the following layout:

Member Number Surname FirstName Postcode Archived On


1021899 Lane Lara CA5 7TF 06/Apr/2018 11:32
6010156 Bevan Jade ZE2 8ZA 06/Apr/2018 11:32
6010157 Newton Adam PH10 8WN 06/Apr/2018 11:32
6010158 Newman Maisie LL77 8ZE 06/Apr/2018 11:32
3007057 Humphreys Josh CF3 7NA 06/Apr/2018 11:32
3007066 Hargreaves Joshua BS26 7TH 06/Apr/2018 11:32
064486 Fox Kyle 06/Apr/2018 11:32
Stage 4. Purging records from the holding table

You can purge records from the holding table regardless of whether you have exported them or not.
To do this select the records in the same way as for exporting but this time press the Purge button.
You will again be asked to authenticate your login details.

The purge will then take place indicated by a box in the bottom right of the screen

Note that there is a facility to automate this process. The two default values configured in the
database are:

DPA_NotExportedRetentionMonths. This will purge any records older than 12 months since
redaction.

DPA_AlreadyExportedRetentionMonths. This will purge exported records 3 months since export.

Should you wish to have these values changed you will need to contact Legend Support.

You should specifically not that there is no automatic export of records from the holding file into the
external file.
Stage 6 & 7. Viewing a redacted member in Membership management

You may find that you might need to access a particular member record after they have been
redacted. Examples of the need for this might be for a legal enquiry or investigating a claim for injury
where you want to see if a member was member or attended on a particular date. To do this you
will need the member number or barcode.

To identify the member number from a name you will need to access the external file created via the
export function.

To view redacted members in MM you need the following security token

DPA_CANVIEWMEMBER_ARCHIVE_MM

If you have the necessary token, the member search form has a checkbox to 'Show Redacted
Members' with this ticked, you can search for redacted members by member number or barcode.
The screen shot above shows the results from a search for a redacted member and the screen below
the redacted account details. Note the mandate reference is retained in case of future queries.

Future work on redaction

We are currently looking at providing a mechanism to enable to mark a member as ‘banned’ which
will prevent the member being redacted under the normal redaction rules.