Genesys Cloud - Main

 View Only


Discussion Thread View
Expand all | Collapse all

Removing PII data from conversations

  • 1.  Removing PII data from conversations

    Posted 04-29-2019 06:41
    Edited by Joel Hellman 04-29-2019 06:43
    I'm posting these questions in the forum because I think they might benefit other customers as well. 

    For GDPR-compliance, we have identified five areas we use where we need to clear up PII-related data:
    1. User profiles
    2. Contact profile
    3. Conversation recordings
    4. Conversation participant attributes
    5. Conversation other metadata (ani)
    1 User and 2 contact profiles
    After going through the documentation, I've understood that for 1 and 2, we can use the /api/v2/gdpr/requests endpoints.

    Question 1: What if any is the difference between using a POST /api/v2/gdpr/requests with requestType: GDPR_DELETE and just deleting the user and/or external contact? 

    3 Conversation recordings
    For deleting conversation recordings, we have the Recording Policy. That policy will not apply retroactively however.

    Question 2: We have changed our recording policies and need to retroactively remove recordings, how would we do that? Can we request a one-time cleanup job, or else would we need to script the recording deletion jobs ourselves?

    4 Conversation participant attributes
    For multiple media types such as calls, chats and emails, we leverage participant attributes to store data and handle and route the interactions. Some of these fields of ours contain PII information. 

    Question 3: Any recommendation how we best clean up these participant attributes? The way I've found is via PATCH /api/v2/conversations/{conversationId}/participants/{participantId}/attributes That endpoint does require us to parse all conversations and participants though. I suppose there isn't an easier way?

    Question 4: Is there a policy-tool like the one for archiving/deleting recordings on the roadmap for removing/redacting data in participant attributes?

    5 Conversation other metadata (ani)
    Question 5: Is there a way to anonymize anis fields from the conversation detail metadata? I cannot find it.
    #Reporting/Analytics
    #Security
    #SystemAdministration

    ------------------------------
    Joel Hellman
    ------------------------------


  • 2.  RE: Removing PII data from conversations

    Posted 08-23-2019 04:47
    Any input from Gensys on especially question 4?

    ------------------------------
    Joel Hellman
    Hi3G
    ------------------------------



  • 3.  RE: Removing PII data from conversations

    GENESYS
    Posted 08-24-2019 06:52
    Hi Joel,
    Participant data will be stored for 90 days after which is deleted from the system. I'm not aware of any plan to allow a specific policy to be set to delete participant data.

    There is active work that is being done to provide greater flexibility around deleting recordings - see https://purecloud.ideas.aha.io/ideas/CLWFO-I-167

    And we have broader work in this area - see https://purecloud.ideas.aha.io/ideas/CLPLA-I-709

    Regards,
    Don

    ------------------------------
    Don Huovinen
    Genesys - Employees
    ------------------------------



  • 4.  RE: Removing PII data from conversations

    Posted 08-24-2019 09:08
    Thanks Don, that helps a lot.

    Didn't know about the 90 day retention rule, but I verifed it, and it will solve many of our immediate retention problems.

    ------------------------------
    Joel Hellman
    Hi3G
    ------------------------------



  • 5.  RE: Removing PII data from conversations

    Posted 09-02-2019 01:54
    Hi again Genesys

    Can you confirm the participant attribute data is deleted on your end after 90 days, not just made unavailable via (some) APIs?

    I've not found any mention of this in the official documentation. Also, I found a conflicting (but older) post https://developer.mypurecloud.com/forum/t/dispatcher-and-custom-attributes/3604 that suggests that maybe, the data is still there.

    ------------------------------
    Joel Hellman
    Hi3G
    ------------------------------



  • 6.  RE: Removing PII data from conversations

    GENESYS
    Posted 09-09-2019 10:59
    Hi Joel,
    I had some subsequent discussions and was informed that we have made changes to our analytics processing layer based upon customer requests to be able to retain participant data as part of the main analytics stream.

    BACKGROUND - Conversations, which include the participant data, were extracted via the Analytics queries and you would get participant data returned. The Conversation detail was only retained for 90 days therefore if you tried to query Analytics for a record that was 91 days old you would still get the Analytics information but not the participant data as that was part of the Conversation and therefore already deleted.

    UPDATE - Many customers are looking for easier access to data and greater retention so we have made some recent changes to accommodate this, which includes retaining the participant data as part of the main interaction.

    There are some ideas around retention and deletion (https://purecloud.ideas.aha.io/ideas/CLPLA-I-709) and this is an area where obtaining more customer feedback on specific considerations and configuration options could benefit us to ensure we can determine the best approach.

    Don

    ------------------------------
    Don Huovinen
    Genesys - Employees
    ------------------------------



  • 7.  RE: Removing PII data from conversations

    Posted 09-10-2019 04:25
    Thanks for looking into this further. Did I understand you correctly that the Participant Attribute data is still available after 90 days today (in some endpoints)? And/but that you are looking into making this behavior more configurable?

    ------------------------------
    Joel Hellman
    Hi3G
    ------------------------------



  • 8.  RE: Removing PII data from conversations

    GENESYS
    Posted 09-11-2019 10:41
    Correct. We just released the Jobs API endpoint last week (https://help.mypurecloud.com/releasenote/september-4-2019/ , Conversation Detail Records enhancement in Analytics API). This API provides more flexibility for conversation detail access, contains the participant attribute and this is currently available indefinitely.

    There has been some discussion on how to improve retention. I believe obtaining further feedback and comments to this Idea from yourself and other customers would be beneficial. For example for some scenarios participant data is used solely from screen pop, sending data from IVR to agent desktop/crm therefore it is solely transient. In other scenarios participant data is used for reporting and should be stored indefinitely. Customers would need to make this distinction in development (Architect, Scripter, APIs, etc.), we would need to have defaults, etc. Understanding customer needs more would help product management better understand the considerations to do this in the best manner (minimize effort if you don't need this, don't make it too complex, address customer needs, etc.)

    Don

    ------------------------------
    Don Huovinen
    Genesys - Employees
    ------------------------------



  • 9.  RE: Removing PII data from conversations

    Posted 05-23-2024 22:41

    Hi Don, an old thread so hopefully you're still around the boards - but it's very pertinent to a current discussion.  Can you please confirm for me what the situation is today with regards to retention of participant data?  I'm struggling to find a clear statement on the resource centre that's not just a "details" wording.

    Thanks



    ------------------------------
    Vaun McCarthy
    ------------------------------



  • 10.  RE: Removing PII data from conversations

    GENESYS
    Posted 30 days ago

    Hi Vaun,

    At that time (4+ years ago) this data was being retained indefinitely however there is a maximum threshold that can be set via https://help.mypurecloud.com/articles/set-the-maximum-interaction-data-retention-time/. I don't recall when this was implemented but it was also many years ago. 

    Let me know if this clarifies or you are looking for further details.



    ------------------------------
    Donald Huovinen
    Genesys - Employees
    ------------------------------



  • 11.  RE: Removing PII data from conversations

    Posted 30 days ago
    Thanks Don but that seems to imply ALL interaction data, not just participant data.


    Sensitivity Label: General






  • 12.  RE: Removing PII data from conversations

    GENESYS
    Posted 30 days ago

    That is correct. It will apply to ALL interaction data. As mentioned several years ago this was being maintained indefinitely. We addressed this with an enhancement allow you to specify TTL on the interaction data. Participant data is a subset of this. There is not a separate setting specific to TTL for participant data. 



    ------------------------------
    Donald Huovinen
    Genesys - Employees
    ------------------------------



Need Help finding something?

Check out the Genesys Knowledge Network - your all-in-one access point for Genesys resources