PII deletion
This section provides you with information on how to enable PII deletion and about the PII data deletion workflow.
Introduction
The Personally Identifiable Information (PII) data deletion feature allows customers to delete their personal data from the customer data platform. This provides customers greater control over their privacy and helps to protect their data or unauthorised access to their information.
Prerequisites
- Enable customer status. See Enable customer status.
- Make sure that a label is created for each customer status. For more information on customer status labels, see Create customer status label.
For Pending Deletion, the platform creates a deletion_pending status automatically and assigns it whenever a deletion request is raised. The platform does not use any label that you created against the Pending Deletion status.
- Configure PII deletion. See Configuring PII deletion.
- If required, select and mark the required extended field, custom field and payment mode attributes as PII data. See Classifying custom field, extended field and payment attribute as PII data.
Data deletion workflow
Raising deletion request
A PII deletion request can be performed from the Member Care, refer to .the documentation on user deletion from Member Care.
For more information on the PII deletion APIs, see Add deletion request API documentation.
Configuring PII deletion
To enable and configure the PII deletion
- From Organisation settings, navigate to Organization Setup -> PII Configurations.
- To enable the PII deletion, select the CONF_ENABLE_PII_DELETION check box.
- To set the number of days after which the data is deleted (deletion waiting period), enter the number in the CONF_PII_DATA_DELETE_AFTER_DAYS field. You can enter any value between 0-90.
Note
If the waiting period is set to 0 days, the system deletes the data on the same day that you raised the requests and approves if approval workflow is involved. For example, if a customer raises a deletion request at 1400 hrs, the system processes deletion at midnight on the same day depending on the time zone of the cluster the org belongs to on the Capillary platform.
- Click Submit.
For information about the data deleted and retained, see Understanding what data is deleted and retained.
To classify custom fields, extended fields, and payment attributes as PII data, see Classifying custom fields, extended fields and payment attributes as PII data.
Understanding what data is deleted and retained
| Deleted data | Non-deletion data |
|---|---|
| First name and last name | User ID |
| Identifiers such as mobile, e-mail and external id | Transactions (but transaction custom/extended fields can be configured to be deleted). See Classifying custom field, extended field and payment attribute data as PII data. |
| Customer custom and extended fields. This is configurable. See Classifying custom field, extended field and payment attribute data as PII data. | Communications data |
| Payment mode attributes against a transaction | Payment mode (Card, UPI, BNPL) details used for the transaction. But the attributes can be deleted. See Configuring data that need not be deleted. |
| V1 and V2 profile identifiers | PII data in the promo engine or on the OTA (Over The Air) side |
| V1 and V2 profile comm channels | Coupons/promotions/gift vouchers |
| Identifiers/login details in the auth engine | Behavioural events |
| Card custom fields and card extended fields. See Configuring data that need not be deleted. | Points data (will still be attributed to User ID) |
| Search database (solr/ES) | Supplementary and coalition memberships |
| Identifier change logs | Targets and Member care profiles - If you have the profile URL, you can access the profile; however, the page displays a message indicating that the customer has been deleted. |
| Identifiers that are kept in the change requests log are set to null | User group dependencies and associations. Deleted customers remain part of groups/companies unless explicitly removed from groups (User ID remains) |
| Customer data audit logs | PII captured in leads data |
| - | Any other details not mentioned under Deleted data. |
Classifying custom field, extended field and payment attribute data as PII data
By default when you enable PII deletion configuration, the mobile, e-mail and external ids from the customer entity data get deleted. For custom fields, extended fields and payment attributes, you have the option to include them as part of the PII data.
Custom field and Extended fields
If you want to include custom fields and extended fields as part of PII data, perform the following:
- From the Organisation settings, navigate to Master Data Management > Data Model > Custom fields/Extended fields.
- Select the desired custom field/extended field that needs to be part of PII data.
- Click Edit.
- Select the Is this pii data/Is it PII data check box.
- Click Submit.
Payment attributes
If you want to include payment attributes as part of the PII data, perform the following:
- From the Organisation settings, navigate to Organisation set up > Payment modes > Tenders.
- Select the desired tender and click the edit icon.
- Select the desired attribute that needs to be part of the PII data and click the edit icon.
- Click the attributes value icon.
- From the Selection drop-down, select the desired unit.
- Select the Is PII Data check box.
- Click Save.
Submitting and approving requests through Membercare
For information on submitting and approving member account deletion requests from Membercare, refer to Request management documentation.
Deletion request status
| Action | Request status | Customer status and status label |
|---|---|---|
| Capillary receives a deletion request | PENDING | No change to the customer status |
| The brand rejects the deletion request | REJECTED | No change to the customer status |
| Capillary receives a deletion request | APPROVED | Pending Deletion: Deletion_pending |
| The customer cancels the deletion request | CANCELED | Previous customer status |
| Capillary deletes the customer PII after the waiting period. | DELETED | DELETED: Deleted |
Notifying deletion status
Capillary sends an:
- requestUpdated event notification whenever the PII deletion request status changes, and
- customerUpdated event notification whenever the customer status changes.
These notifications will not have any PII data once deletion is complete. The brand can use this information and send notifications to the customer through any communication channel with information about cancellation and tracking deletion status.
FAQs
- Can we raise bulk PII data deletion requests?
For bulk PII deletion, use Connect+. See PII data flow. - Is the PII deletion request approved by default?
This depends on the query parameter. PII deletions need to be approved. - Are custom fields and extended fields part of PII data?
No. But, you can mark the desired custom fields and extended fields as PII data. - Will PII details in the Auth engine be deleted for the users who raised the request?
Yes. After the PII deletion waiting period lapses. - Will event data (behavioural events, transaction events, etc.)be deleted?
No. Data attributed to the user id is not deleted as the user id is not categorized as PII data. - What happens if the waiting period is set as 0 days?
If the waiting period is set to 0 days, the system deletes the data on the same day. - My brand's transaction custom fields/extended fields also have PII data. Can those be marked for deletion?
Yes. You can mark those data as PII data. See Custom field and extended field PII data. - Can I view a deleted customer's events on Member Care?
Yes. - Will the profile be visible if I go to the profile using user_id in the Member Care URL?
No. - Are payment mode attributes deleted by default?
No. But you can configure payment attributes as PII data. See payment attributes. - My brand's payment mode attributes have sensitive PII data. Can I delete that?
You can configure payment attributes as PII data. See payment attributes. - I want to delete event data (transactions, behavioural events and so on) of customers. Is this possible?
No. - Will communications sent to a customer be deleted?
No. - What happens to active coupons that are not redeemed?
You cannot redeem the active coupons associated with the deleted customer ID. - Will OTP messages get sent to customers?
After the PII deletion, the customer will not get any message. - How can a customer track the status of a deletion request?
Brands can use the GET APIs and the event notifications to update the status of the customers. - Is there a UI to view all deletion requests raised in an org?
Yes. - How can a CSR raise a deletion request?
CSR can raise deletion requests through member care. - Can any CSR raise a deletion request?
This depends on access rights. If you have access, you can raise deletion requests on behalf of a customer.
Updated 22 days ago