POPIA compliancy series #3 Ensuring no user data is stored after their retention period limit

The Protection of Personal Information Act (POPIA) is a data privacy law mandated by the South African government. It regulates how organizations operating from and outside South Africa can collect, store and process the personal information of citizens of South Africa.

POPIA mandates that any personal information of users or employees be collected only with a stated purpose and with the person's consent for processing. It should be destroyed or deleted when the purpose of collection is fulfilled or when it reaches the retention period limit.

Section 14(4) of POPIA states, "A responsible party must destroy or delete a record of personal information or de-identify it as soon as reasonably practicable after the responsible party is no longer authorized to retain the record". It is therefore crucial to remove all sensitive user information when a user's AD account is deleted or disabled. ADManager Plus' customizable disable and delete policy can help you comply with this in a few simple steps.

 

How to configure a custom disable and delete policy?

  1. Navigate to Admin > Custom Settings > Delete/Disable Policy.

  2. To define a delete policy,

  • Select the Domain to which you wish to apply the delete policy.

  • Click on the Delete Policy tab to select the actions that must be performed when user accounts are deleted.

  • To delete the home folders and profile paths when the corresponding user accounts are deleted, select the desired options from the Home Folders and Profiles section.

  • To delete the mailboxes along with the user accounts, select the delete user mailbox permanently option located under 'Mailboxes & Other accounts'.

  • The Export user mailbox option allows you to export a user's mailbox to the specified location before deleting the user(s). You can track the status of mailbox export requests with the Mailbox Export History option. If the export fails, the user(s) will not be deleted.

  • If you wish to execute a custom script when user accounts are deleted, use the run custom script option located under Custom Script.


  3. To define a disable policy,

  • In the Delete/Disable Policy pane, click the Delete Policy tab to select the actions that must be performed when user accounts are deleted.

  • To delete the home folders and profile paths when the corresponding user accounts are deleted, select the desired options from the Home Folders and Profiles section.

  • To delete the mailboxes and hide the user's address from the Exchange lists, select the delete user mailbox permanently option located under Mailboxes & Other accounts.

  • To revoke an Office 365 user's membership from all MS Teams, select the Remove user from MS Teams option.

  • If you wish to move the users being disabled to a specific OU or remove them from all the groups that they are currently members of, use the relevant options under the other tasks section.

  • To execute a custom script when user accounts are disabled, use the run custom script option located under Custom Script.

  4. Click Save.
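
Once the policy is saved and in use, an independent check can confirm that nothing was left behind for disabled accounts. The PowerShell below is an added example, not ADManager Plus code: it reports home folders and profile paths that still exist on disk. The function name Find-ResidualUserData and the sample accounts are constructed for illustration, and live use assumes the ActiveDirectory module's Get-ADUser cmdlet.

```powershell
# Added example (not ADManager Plus code). Find-ResidualUserData is a hypothetical name.
function Find-ResidualUserData {
    param(
        # Objects exposing SamAccountName, Enabled, HomeDirectory and ProfilePath,
        # for example Get-ADUser output with those properties requested.
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $Users
    )
    foreach ($u in $Users) {
        if ($u.Enabled) { continue }    # only disabled accounts are in scope
        foreach ($attr in 'HomeDirectory', 'ProfilePath') {
            $path = $u.$attr
            if ([string]::IsNullOrWhiteSpace($path)) { continue }
            # Roaming profiles are stored with a version suffix (.V2 ... .V6),
            # so check the attribute value and its suffixed variants.
            $found = @(Get-Item -Path $path, "$path.V*" -Force -ErrorAction SilentlyContinue)
            foreach ($item in $found) {
                [pscustomobject]@{
                    SamAccountName = $u.SamAccountName
                    Attribute      = $attr
                    Path           = $item.FullName
                    LastWriteTime  = $item.LastWriteTime
                }
            }
        }
    }
}

# Constructed sample data so the check runs without a domain controller.
$root = Join-Path ([System.IO.Path]::GetTempPath()) 'popia-demo'
New-Item -ItemType Directory -Force -Path "$root\home\jdoe", "$root\profiles\jdoe.V6" | Out-Null
$sample = @(
    [pscustomobject]@{ SamAccountName = 'jdoe';    Enabled = $false
                       HomeDirectory = "$root\home\jdoe";   ProfilePath = "$root\profiles\jdoe" }
    [pscustomobject]@{ SamAccountName = 'asmith';  Enabled = $false
                       HomeDirectory = "$root\home\asmith"; ProfilePath = $null }
    [pscustomobject]@{ SamAccountName = 'active1'; Enabled = $true
                       HomeDirectory = "$root\home\jdoe";   ProfilePath = $null }
)
Find-ResidualUserData -Users $sample | Format-Table -AutoSize
Remove-Item -Recurse -Force $root

# Live use (assumes the ActiveDirectory module is installed):
# Find-ResidualUserData -Users (Get-ADUser -Filter 'Enabled -eq $false' `
#     -Properties HomeDirectory, ProfilePath)
```

Deleted accounts no longer appear in a Get-ADUser query, so this check covers disabled accounts only; any row it returns is data that outlived the account's active life and needs review against the retention limit.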

 

In case you missed them, check out the earlier posts in this series on tracking access and permissions to data in your organization and on establishing organization-wide policies for access and permission management, in order to be compliant with POPIA.

 

Tune in next week for an interesting hack on managing access and permissions to align with POPIA compliancy requirements!

 

Cheers,
ADManager Plus.
