Erase personal data

Erase personally identifiable information in accordance with GDPR

The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA). The regulation contains provisions and requirements pertaining to the processing of personally identifiable information of individuals and states that individuals have the right to request a portable copy of the data collected by a processor in a common format, and the right to have their data erased under certain circumstances.

Version 1.18.1863 of the Zervicepoint PowerShell Management module introduces new commands that help administrators identify and delete personally identifiable information that Zervicepoint may have collected during the authentication (login) process, as well as while users order services and fill out forms. Below is a list of the new commands, followed by examples of how they might be used to erase an individual's personally identifiable data from the Zervicepoint database.

Clear-ZPUserProfile

This command can be used to clear information such as username, common name and email address from a user profile in Zervicepoint.

Get-ZPOrderParameter

This command can be used to locate personally identifiable information entered by the requester of a service, or otherwise collected during the course of a process workflow.

Clear-ZPOrderParameter

This command can be used to clear personally identifiable information contained in order parameters.

Clear-ZPOrder

This command can be used to remove order parameters, order events, task parameters and statuses from orders placed by a user.

Erasing data from order parameters

Erasing data from order parameters (data entered in the order form by the requester of a service, or data collected in a process workflow) can take a bit of detective work. First of all we need to identify which order parameters might contain personally identifiable information. The easiest way to do this is to examine the order form fields of all our services, making notes on the fields, what type of data they might contain and, most importantly, the names of the variables bound to them.

Let's say we have a service named OrderKeyCard with a form field named SocialSecurityNumber. This is definitely data we want to erase. Looking at the field we see that it is bound to a variable named SocialSecurityNumber. Luckily the name of the variable is always the same as the name of the so-called order parameter, so now we have a clue what to search for. We use the Get-ZPOrderParameter command to find any SocialSecurityNumber order parameters from the OrderKeyCard service where the value is the social security number of the individual whose data we want to erase.

PS C:\> Get-ZPOrderParameter -ServiceName OrderKeyCard -Name SocialSecurityNumber -Value "760131-8673" -ExactMatch

This gives us the following output:

OrderId Name                 Text Value
------- ----                 ---- -----
   4681 SocialSecurityNumber      760131-8673
   8912 SocialSecurityNumber      760131-8673

So now we know that this individual has actually ordered the OrderKeyCard service twice, or his/her manager could have ordered it for him/her. Just to make sure that this social security number doesn't exist elsewhere, we also search for any occurrences of this specific social security number as a substring of any order parameter and any service. This is a heavy query so we increase the request timeout to 600 seconds.

PS C:\> Get-ZPOrderParameter -Value "760131-8673" -RequestTimeOut 600

That gave us the following output:

OrderId Name                 Text Value
------- ----                 ---- -----
   4681 SocialSecurityNumber      760131-8673  
   8912 SocialSecurityNumber      760131-8673

Seeing that the results are the same, we now know that this social security number doesn't exist anywhere else. The next step is to actually erase the data. We could do this by piping the output of one of the above Get-ZPOrderParameter commands to Clear-ZPOrderParameter, but they took quite some time to execute (especially the last one), so we decide to just erase them one by one.

PS C:\> Clear-ZPOrderParameter -OrderId 4681 -Name SocialSecurityNumber
PS C:\> Clear-ZPOrderParameter -OrderId 8912 -Name SocialSecurityNumber

That's it! The individual's social security number is now erased from the database.
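
The procedure above, as an added example that is not part of the Zervicepoint documentation: it runs the heavy search once, keeps the result objects, clears each hit, writes an audit record that omits the personal value, and repeats the search to confirm nothing is left. It assumes the module is loaded and the session is connected; $AuditPath is a hypothetical path, and the OrderId and Name properties are taken from the output table shown above.

```powershell
# Added example. Assumes the Zervicepoint management module is loaded and connected.
$Value     = '760131-8673'                # sample value used in this article
$Service   = 'OrderKeyCard'
$ParamName = 'SocialSecurityNumber'
$AuditPath = 'C:\Temp\erasure-audit.csv'  # hypothetical audit log location

# Run the heavy substring search once and keep the result objects.
$hits = @(Get-ZPOrderParameter -Value $Value -RequestTimeOut 600)

# Exact matches in the parameter we expected to hold the value.
$expected = @(Get-ZPOrderParameter -ServiceName $Service -Name $ParamName -Value $Value -ExactMatch)

# A substring hit elsewhere may belong to another person's data: stop and review.
$unexpected = @($hits | Where-Object {
    $_.Name -ne $ParamName -or $_.OrderId -notin $expected.OrderId
})
if ($unexpected.Count -gt 0) {
    $unexpected | Format-Table OrderId, Name
    throw "Value found in $($unexpected.Count) unexpected parameter(s); review before erasing."
}

foreach ($hit in $hits) {
    Clear-ZPOrderParameter -OrderId $hit.OrderId -Name $hit.Name

    # Record what was cleared and by whom, never the personal value itself.
    [pscustomobject]@{
        TimeUtc  = (Get-Date).ToUniversalTime().ToString('o')
        OrderId  = $hit.OrderId
        Name     = $hit.Name
        Operator = $env:USERNAME
    } | Export-Csv -Path $AuditPath -Append -NoTypeInformation
}

# Verify: the same search must now come back empty.
$left = @(Get-ZPOrderParameter -Value $Value -RequestTimeOut 600)
if ($left.Count -ne 0) {
    throw "$($left.Count) order parameter(s) still contain the value."
}
```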

Erasing entire orders

Sometimes just erasing order parameters is not enough. You may not have enough information to locate all the order parameters that might contain personally identifiable information. The information may be contained in the order events as well, or in task parameters or custom statuses. To erase all that there's another command named Clear-ZPOrder.

Suppose we want to erase all order information where the requester of the service is a particular user. We know we can get a list of orders requested by a specific user (using the Get-ZPOrder command and specifying the profile id of the user in the -Requester parameter). But first we must find that profile id. We issue a Get-ZPUserProfile command to find out.

PS C:\> Get-ZPUserProfile -Email john.doe@zervicepoint.com

Here's the result:

ProfileId          : bd768716-7502-47d2-8f57-8212447a9c08
NameId             : JohnDoe
CommonName         : John Doe
Email              : john.doe@zervicepoint.com
LanguageName       : en-US
TimeZoneId         :
CultureName        :
IsTemporaryProfile : False

Now we can use the ProfileId property with the Get-ZPOrder command to find all orders placed by this individual.

PS C:\> Get-ZPOrder -Requester bd768716-7502-47d2-8f57-8212447a9c08

We then pipe the output of the Get-ZPOrder command to Clear-ZPOrder.

PS C:\> Get-ZPOrder -Requester bd768716-7502-47d2-8f57-8212447a9c08 | Clear-ZPOrder -Parameters -TaskParameters -Events

This erases all order parameters, task parameters and order events from the orders requested by john.doe@zervicepoint.com.

Erasing data from a user's profile

To erase the data from a user's profile we must first locate the profile. This is typically done using the Get-ZPUserProfile command, providing either the user's email address, or a search string.

Knowing the user's email address, we can simply issue the following command to retrieve the user profile:

PS C:\> Get-ZPUserProfile -Email john.doe@zervicepoint.com

If the email address is not known, we can try to locate the user profile by part of the nameid (username) or commonname:

PS C:\> Get-ZPUserProfile -SearchText "John Doe"

Once we have located the correct user profile, we erase the data (nameid, commonname and email address) by piping it to Clear-ZPUserProfile:

PS C:\> Get-ZPUserProfile -Email john.doe@zervicepoint.com | Clear-ZPUserProfile

The nameid, commonname and email address values are now replaced by the string "[deleted@]".
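
Combining the "Erasing entire orders" and profile steps, as an added example that is not part of the Zervicepoint documentation: the profile is resolved once and the orders are cleared before the profile, because once the email address has been replaced by "[deleted@]" a lookup by that address can no longer return the ProfileId. The function name Remove-ZPPersonData is hypothetical, and the script assumes Get-ZPUserProfile returns no output when nothing matches.

```powershell
# Added example. Assumes the Zervicepoint management module is loaded and connected.
function Remove-ZPPersonData {            # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)]
        [string] $Email
    )

    # Resolve the profile first, while the email address still matches.
    $found = @(Get-ZPUserProfile -Email $Email)

    # Refuse to continue on zero or several matches, so that one person's
    # erasure request never clears somebody else's orders.
    if ($found.Count -ne 1) {
        throw "Expected exactly one profile for the address, found $($found.Count)."
    }
    $userProfile = $found[0]
    $profileId   = $userProfile.ProfileId

    # 1. Orders first: this lookup needs the ProfileId captured above.
    #    Orders placed for this person by someone else (a manager, say) are
    #    not covered here and must be found with Get-ZPOrderParameter.
    Get-ZPOrder -Requester $profileId |
        Clear-ZPOrder -Parameters -TaskParameters -Events

    # 2. Profile last.
    $userProfile | Clear-ZPUserProfile

    # 3. Confirm the address no longer resolves to a profile
    #    (assumption: no match yields empty output, not an error).
    $after = @(Get-ZPUserProfile -Email $Email -ErrorAction SilentlyContinue)
    if ($after.Count -ne 0) {
        throw "A profile still resolves by email after Clear-ZPUserProfile."
    }

    # Return the id for the erasure record; it is not personal data by itself.
    return $profileId
}

# Usage with the sample address from this article:
# Remove-ZPPersonData -Email 'john.doe@zervicepoint.com'
```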

For a full set of parameters and examples on how to use the commands in this article, please use the Get-Help command with the -Full switch.