Data retention, deletion, and anonymization
The system administrator can define the data retention time for all conversation channels and for handled/expired outbound campaigns on both system and queue levels. The system level setting is the default setting for all queues and the queue level setting overrides it for a specific queue. After the retention time, all data is anonymized or deleted automatically. Alternatively, the data protection officer (DPO) can, on a person's request, destroy data related to them.
Anonymizing conversation data means that the data will be modified so that the event can no longer be linked with a person. Anonymizing, instead of deleting the event, is done to ensure that the conversation statistics will show correct numbers.
The following list explains which data is anonymized and which deleted:
- Call events are anonymized and the possible call recordings are deleted.
- Handled email conversations are anonymized and the email subject and body are replaced with the text {Anonymized by DPO}. Possible attachments are deleted. This also applies to other email-type items, such as tasks and action items.
- Chat events and chat subject are anonymized, and the chat transcript is deleted. This also applies to other chat-type subchannels, such as SMS and Facebook Messenger. Possible attachments are deleted.
- If there is a script linked with a conversation item, the script freetext contents are deleted.
- If internal notes have been added to a conversation, the notes are replaced with text {Anonymized by DPO}.
- If attached data (CAD) has been added to a conversation, the data is replaced with text {Anonymized by DPO}.
- Completed or expired outbound campaigns:
  - After the retention time, the campaign and the corresponding call events are deleted.
  - When deleting data on request, the customer data and call events are deleted in the campaign.
- Directory data and consent information are not removed after retention times but only on request.
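The rules above, as an added model that is not Sinch Contact Pro code: a retention sweep that resolves the effective retention time (queue overrides system) and applies the per-channel handling to conversation events. The record layout, function names, and retention times expressed in days are assumptions, and the sample events are constructed.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

PLACEHOLDER = "{Anonymized by DPO}"  # replacement text quoted on this page

@dataclass
class Event:  # hypothetical record layout, not the product's schema
    channel: str                 # "call", "email" or "chat"
    queue: str
    ended: datetime
    customer: Optional[str]      # whatever links the event to a person
    subject: str = ""
    body: str = ""               # email body or chat transcript
    notes: str = ""
    cad: str = ""
    recording: Optional[str] = None
    attachments: list = field(default_factory=list)

def retention_days(queue, system_default, queue_overrides):
    # The queue-level setting overrides the system-level default.
    return queue_overrides.get(queue, system_default)

def anonymize(e):
    e.customer = None            # event stays, so statistics still count it
    e.attachments.clear()
    e.recording = None
    e.notes = PLACEHOLDER if e.notes else ""
    e.cad = PLACEHOLDER if e.cad else ""
    if e.channel == "email":
        e.subject = e.body = PLACEHOLDER
    elif e.channel == "chat":
        # The page does not say how the subject is rewritten; this model blanks it.
        e.subject = e.body = ""

def sweep(events, now, system_default, queue_overrides):
    """Anonymize events past their effective retention time; return the count."""
    expired = [e for e in events if e.customer is not None and now - e.ended >
               timedelta(days=retention_days(e.queue, system_default, queue_overrides))]
    for e in expired:
        anonymize(e)
    return len(expired)

def sample():  # constructed sample data
    return [
        Event("email", "billing", datetime(2024, 4, 1), "cust-1", "Invoice", "Hi, ...", notes="called back"),
        Event("call", "support", datetime(2024, 4, 1), "cust-2", recording="rec-2.wav"),
        Event("chat", "support", datetime(2023, 1, 1), "cust-3", "Order", "transcript", attachments=["a.png"]),
    ]
```

Running the sweep twice over the same events is a useful check: the second pass should anonymize nothing, and the number of events should be unchanged.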
Retention times
- Retention times of personal data are defined in System Configurator ( ).
- Call recordings are deleted when the time given in Retention Time for Calls expires.
- All conversation-related reporting data can be deleted (in addition to the anonymization done after the retention time) by defining the Reporting Database Server variable Reporting Data Retention Time in Years in Infrastructure Administrator.
Data deletion on request
The DPO can create the personal data report and remove all personal data on request. For more information, see Generating personal data reports.
Blocking
Blocking means the identification of recorded stored personal data to restrict its further processing or use. In the contact center context, blocking can be used, for example, in cases where the organization needs to keep conversation-related data and contents for a longer time than otherwise defined in their data privacy policy. Although this data shall not be erased, it may be necessary to block it from appearing in any regular data searches.
In this case, the DPO will use the Generate Personal Data Report tool to find the relevant personal data and then collect and store the verified event data (meaning event contents, including possible attachments and call recordings) in a storage that is external to Sinch Contact Pro. The DPO will then delete the data from Sinch Contact Pro to block it from operative use (for example, appearing in historical searches).