Traversing the purge tree to determine disposition

This second step of purge graph traversal identifies entities that are eligible for purging. PolicyCenter excludes from purging entities that have a MUST_NOT_DESTROY disposition and entities whose presence is required to preserve data consistency. For an example of the latter, an entity in the graph that has a descendant that is not purgeable is excluded in this pass.

The traversal starts from the initial root of the personal destruction request and visits all descendant nodes.

For each visited node, PolicyCenter invokes disposition logic and marks the node not purgeable if any of the following are true:

1. The node has a disposition of MUST_NOT_DESTROY.
2. The node is an ancestor of a node that has a disposition of MUST_NOT_DESTROY.
3. The node is a PolicyPeriod or PolicyTerm sharing a Policy with another PolicyPeriod or PolicyTerm that has a disposition of MUST_NOT_DESTROY. For example, two pairs of PolicyPeriod and PolicyTerm objects are children of a Policy and are adjacent nodes to one another in the graph.

   Sets of related Policy, PolicyTerm, and PolicyPeriod objects are kept or purged together. If a single object in the set has a disposition of MUST_NOT_DESTROY, the entire set is kept. For example, a single PolicyTerm that has a disposition of MUST_NOT_DESTROY prevents the purge of any Policy, PolicyTerm, and PolicyPeriod objects in the set.

See also

• PersonalDataDestruction plugin interface