I'm posting these questions in the forum because I think they might benefit other customers as well.
For GDPR-compliance, we have identified five areas we use where we need to clear up PII-related data:
- User profiles
- Contact profile
- Conversation recordings
- Conversation participant attributes
- Conversation other metadata (ani)
1 User and 2 contact profilesAfter going through the documentation, I've understood that for 1 and 2, we can use the
/api/v2/gdpr/requests
endpoints.
Question 1: What if any is the difference between using a
POST /api/v2/gdpr/requests
with
requestType: GDPR_DELETE
and just deleting the user and/or external contact?
3 Conversation recordings
For deleting conversation recordings, we have the
Recording Policy. That policy will not apply retroactively however.
Question 2: We have changed our recording policies and need to retroactively remove recordings, how would we do that? Can we request a one-time cleanup job, or else would we need to script the recording deletion jobs ourselves?
4 Conversation participant attributes
For multiple media types such as calls, chats and emails, we leverage participant attributes to store data and handle and route the interactions. Some of these fields of ours contain PII information.
Question 3: Any recommendation how we best clean up these participant attributes? The way I've found is via
PATCH /api/v2/conversations/{conversationId}/participants/{participantId}/attributes
That endpoint does require us to parse all conversations and participants though. I suppose there isn't an easier way?
Question 4: Is there a policy-tool like the one for archiving/deleting recordings on the roadmap for removing/redacting data in participant attributes?
5 Conversation other metadata (ani)
Question 5: Is there a way to anonymize anis fields from the conversation detail metadata? I cannot find it.
#Reporting/Analytics#Security#SystemAdministration------------------------------
Joel Hellman
------------------------------