About the Privacy Utility
The user who runs the Privacy Utility should be authorized to use an Electronic Signature. See Setting up the Privacy Utility for Electronic Signatures.
In addition, the Privacy option on the Electronic Signature Records Report allows auditors to see who used the Privacy Utility, when they ran it, and what action they performed on which records. This report does not show any individual's personal data.
Types of private information
The Privacy Utility searches the database to find personal data, given a specific name and country. It is intended to find information about an individual (employee, customer, vendor, applicant, etc.) who has requested to see or redact their personal data from your database. It is not intended to find companies or company data.
Personal data is information that, when combined with other data, could be used to make an individual reasonably identifiable. This includes details such as the individual's name, photo, email address, bank details, or medical information.
These areas of the database are searched for the person's records:
- Applicant information such as name, address, education, references, and work experience
- Consumer information
- Customer information such as name, address, credit card, service contracts/rentals, partners, point of sale
- Drop ship to information
- Employee information such as name, address, birthdate, direct deposit bank accounts, emergency contacts, education, injuries, insurance, work experience, children and partners
- Prospect information
- Sales contact information
- Vendor information such as name, address and partners
Data retention policies
Each country, government, and company can have specific rules about data retention periods. It is the responsibility of the person who runs the Privacy Utility to follow these rules in regard to retention of data.
Types of information that are not covered by the Privacy Utility
Data in some areas of the application is not searched, or X'd out, by the Privacy Utility. It is your responsibility to handle this information as needed for privacy concerns, and to document your process for handling this information:
- Audit Log: If you have turned on Audit Logs that track changes to names or personal information, then you must ensure that those audit logs are deleted. Purge utilities are available for the audit logs, and you can turn audit logs on or off.
- BODs: Personal data in business object documents (BODs) in the Replication Document Inbox or Outbox forms is not searched. It is up to you to purge this data.
- Customer, prospect, and vendor interactions: This data is not processed by this utility. You must determine what information in these interactions is private, and handle it accordingly.
- Contacts: Contact information on transaction forms such as Customer Orders or Purchase Orders is not included in this utility. You must purge it.
- Third party software: It is up to you to document and notify any third party (such as EDI, tax interface, EFT institutions) to which you are sending personal data.
- UETs: If a User Extended Table field contains personal information, you must purge this information.
- Electronic Signatures: If an Electronic Signature description includes a user name, it is not included in the Privacy Utility report or processing.
- Pictures: If the database contains an employee picture, the utility removes the link to the picture when X-out is performed. However, you must delete the picture from the server.
- Users: Records on the Users form are not included in the utility. You must purge this data.
- Machine-readable data formats: If you have exported data from forms to Excel or saved it as XML or .CSV files, you must edit or remove the data from those files as required.