Right To Forget
Security regulations and policies may require that UII data needs to be Erased or Forgotten, when requested by the owner of the data. For example, if a customer requests that his UII data is Erased, then the enterprise needs to delete or make customer’s data unusable. Alternatively, the enterprise can remove the sensitive elements of the customer data so that the customer can no longer be identified in the data. For example, if customer’s name, contact information and other identifiable information is removed from the customer’s transaction history, it makes customer transaction history insensitive as it can no longer be identified with the customer.
It is common in enterprises to have copies of the same data saved and maintained in multiple data stores in the enterprise. For example, an enterprise may choose to maintain same data in: i) Transactional Data Store, which has real time and/or near-real time shopping/buying/selling transactions ii) Operational Data Store, which has copies of historical raw business transaction data iii) Data Warehouse, which has the summarized data for the business transactions iv) Data Marts, which has data needed by intra departmental applications. All these data stores may have UII information. In order to Forget or Erase any specific customer data, the sensitive data needs to be removed from all these data stores.
CipherWorks provide a novel solution for easily making the sensitive data unusable when the data is not needed.