Erasure requests are a key component of privacy regulations worldwide. To meet the growing requirements, teams must be able to effectively erase a requesting user’s data.
Erasure requests are a key component of privacy regulations worldwide. To meet the growing requirements, teams must be able to effectively erase a requesting user’s data. That erasure actually might not leave a blank cell in the database, and that’s a good thing.
The EU’s General Data Protection Regulation (GDPR) has set the global standard for privacy, including in the rights it grants to users. Among them, a right to erasure: a user can request that a company remove all personal data they hold on them. In recent years, this right to erasure – sometimes called “right to delete” or “right to be forgotten” – has cropped up in privacy regulations worldwide, from Virginia’s CDPA to Brazil’s LGPD. Teams worldwide must understand and be ready to fulfill erasure requests alongside other data subject requests.
The basic concept of an erasure request is simple enough. An erasure request in action, however, does not always look like putting null values in your databases. In fact, just clearing your database cells could spell trouble for your data systems. Here, we explain the variety of methods for implementing erasure requests. We also point out why a data erasure is not always the same as pushing “delete.”
It might seem like a hard delete is always the best option for erasure in a business database. But there are some instances where a hard delete simply isn’t possible. What if there are complex downstream data processes that will begin to throw errors if they encounter an empty cell? What if some aspect of the data in question must be retained due to overriding legal imperatives? While clearing a database cell is one means of erasing personal data, this approach can quickly spell trouble for your business intelligence. Our VP of Product Kelly Huang explains:
“Most engineers and architects of an enterprise data system don’t normally consider the impact of a simple deletion from a database row. Even the most minimally complex data ecosystem has very complex processes that power the business. ETLs, ELTs and other replication processes and pipelines keep your business intelligence robust. Deletion of data — whether by an internal tool, an off-the-shelf SaaS product, or a direct deletion by a DBA — could break the relationships the ecosystem relies on to keep the business moving.”
Your data systems might require more complex approaches to erasure, so it is important to understand the options.
Instead of clearing all data cells associated with a requesting user, it may be more appropriate to replace those values with placeholders that have nothing to do with that user. For instance, you could replace data fields with the string “MASKED.” In doing so, you have erased the user’s information while leaving a string in each of the cells. This approach is worth considering if you run applications that validate the formatting of database entries. Whereas deleting an email address could trip up a downstream application because the empty cell fails the format validation, a fixed string could satisfy those requirements without using the user’s personal information.
Alternatively, you may wish to provide a unique placeholder for every time you delete a user’s data. In this case, a randomized value such as a combination of letters and numbers would suffice.
Many data systems today need more sophisticated erasure techniques than hard deletes or basic substitutions. For instance, you might run an application that requires each of your database entries to maintain referential integrity. That is, you must preserve the relationships between data-points, but you cannot leave the information in plain text. To quote Kelly once more:
“When you delete or anonymize personal information that’s used as the primary key in a database, all relationships across the schema break unless you’ve employed a strategy that maintains the referential integrity.”
To solve this challenge, you could encode the value using cryptography methods. The end result is a value that only those with the right key can decode. You maintain referential integrity while removing the personal information of the requesting user.
In specific situations, the appropriate response to an erasure request might be to erase nothing at all. This approach is only appropriate when you are obligated to retain information for business purposes. For instance, you may be required for tax purposes to hold onto customer’s payment information. It is important to communicate this limitation to your customers, providing them with an accurate picture of their personal data in your systems.
Compliance with privacy regulations should not obstruct your data systems from their core business functions. In fact, privacy compliance cultivates long-term business growth. By using the right data operations to fulfill erasure requests, you keep your data systems in healthy condition while demonstrating to your users that you respect their data. In earning users’ trust, you can focus on growing your business.
Ethyca simplifies erasure requests for companies and users alike, while also providing companies with the nuance to choose the right erasure methods for their data systems’ needs.
Ethyca hosted its second P.x session with the Fides Slack Community earlier this week. Our Senior Software Engineer Thomas La Piana gave a live walkthrough of the open-source privacy engineering platform, Fides 2.0. He demonstrated how users can easily deploy Fides and go from 0 to full DSR automation in less than 15 minutes. If you weren’t able to attend, here are the three main points addressed during the session.
Introducing consent management in Fides 2.0. With the coming state privacy laws in 2023, your business needs to have granular control over users’ data and their consent preferences. Learn more about how Fides can enable this for your business, for free.
Ethyca launched its privacy engineering meetup, P.x, where Fides Slack Community members met and interacted with the Fides developer team. Two of our Senior Software Engineers, Dawn and Steve, gave presentations and demos on the importance of data minimization, and how Fides can make data minimization easier for teams. Here, we’ll recap the three main points of discussion.
We enjoyed two great days of security and privacy talks at this year’s Symposium on Usable Privacy and Security, aka SOUPS Conference! Presenters from all over the world spoke both in-person and virtually on the latest findings in privacy and security research.
At Ethyca, we believe that software engineers are becoming major privacy stakeholders, but do they feel the same way? To answer this question, we went out and asked 337 software engineers what they think about the state of contemporary privacy… and how they would improve it.
The UK’s new Data Reform Bill is set to ease data privacy compliance burdens on businesses to enable convenience and spark innovation in the country. We explain why convenience should not be the end result of a country’s privacy legislation.
Our team of data privacy devotees would love to show you how Ethyca helps engineers deploy CCPA, GDPR, and LGPD privacy compliance deep into business systems. Let’s chat!Get a Demo