Configuring personal data destruction

Note: The data destruction features described in these topics help enable insurers to comply with some of their data destruction requirements. These requirements may be driven by insurers’ policies and practices, as well as by their interpretation of various regulatory requirements. Such regulatory requirements may come from, for example, the European Union General Data Protection Regulation (GDPR) or the New York State Cybersecurity Requirements for Financial Services Companies law.

Data destruction is the process of requesting that data be destroyed, making the data impossible to retrieve. Data destruction is typically initiated with a request that specifies a contact or user whose data is to be destroyed. In the base configuration, PolicyCenter provides a web service that is intended to be called by an external application. You use the external application to manage the destruction of the data across Guidewire applications.

Data destruction can be implemented as either purging or obfuscation of data, depending on the data to be destroyed.

Purging is a form of data destruction that completely removes contact data and policy or account data from PolicyCenter. Multiple objects associated with the policy, account, or contact can also be removed. These objects are detected by traversing the entity domain graph.

Obfuscation is a form of data destruction that permanently overwrites fields, such as user contact fields, with data that replaces the original data. Some actual removal of data can also be involved, such as deletion of an address referenced only by one user.

For example, obfuscation might be required if destroying the data affects policies that cannot be destroyed. Purging user data for a former employee could affect hundreds or even thousands of accounts, policies, policy terms, and so on. Therefore, it makes more sense to obfuscate the data for the user and leave the other data alone.
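
The following added example is a simplified in-memory model of the purge-versus-obfuscate decision described above. It is not PolicyCenter or Guidewire code. The `Store`, `Person`, `destroy`, and `sample_store` names, the `MASK` value, and the sample records are all hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

MASK = "OBFUSCATED"  # constructed replacement value, not a product constant

@dataclass
class Person:
    name: str
    email: str
    address_id: Optional[str]

@dataclass
class Store:
    people: dict = field(default_factory=dict)     # person id -> Person
    addresses: dict = field(default_factory=dict)  # address id -> street line
    policies: dict = field(default_factory=dict)   # policy id -> set of person ids
    retained: set = field(default_factory=set)     # policy ids that cannot be destroyed

def destroy(store, pid):
    """Destroy one person's data; return 'purged' or 'obfuscated'."""
    person = store.people[pid]
    linked = {pol for pol, members in store.policies.items() if pid in members}
    shared = any(p.address_id == person.address_id
                 for k, p in store.people.items() if k != pid)
    if linked & store.retained:
        # Obfuscate: overwrite identifying fields, keep the row and the policies.
        person.name = person.email = MASK
        if not shared:  # an address referenced only by this person is deleted
            store.addresses.pop(person.address_id, None)
            person.address_id = None
        return "obfuscated"
    # Purge: remove the person, plus policies and addresses left with no other owner.
    for pol in linked:
        store.policies[pol].discard(pid)
        if not store.policies[pol]:
            del store.policies[pol]
    if not shared:
        store.addresses.pop(person.address_id, None)
    del store.people[pid]
    return "purged"

def sample_store():
    """Constructed sample data: P1 must be kept, P2 may be destroyed."""
    return Store(
        people={"u1": Person("Ann Lee", "ann@example.com", "a1"),
                "u2": Person("Bo Ray", "bo@example.com", "a1"),
                "u3": Person("Di Poe", "di@example.com", "a2"),
                "c4": Person("Cy Fox", "cy@example.com", "a3")},
        addresses={"a1": "1 Main St", "a2": "5 Oak Ave", "a3": "9 Elm Rd"},
        policies={"P1": {"u1", "u2", "u3"}, "P2": {"c4"}},
        retained={"P1"},
    )
```

In this model, a person attached to a retained policy is obfuscated in place, while a person attached only to destroyable policies is purged along with the objects that no other record references.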