PersonalDataPurgeTree

In PolicyCenter, entity domain graphs enable purging of Contact, Account, Policy, PolicyTerm, and PolicyPeriod objects. The class PersonalDataPurgeTree creates a tree that stores the relationships between the relevant nodes to determine whether the specified pinnable root can be purged.

The PinnableDomainMethods class defines methods that can be used to find parents, children, and descendants of the current object in the tree, like getPinnableChildren, getPinnableDescendants, and getPinnableParents.

The purge API can then be called, and best-effort purging is performed. What gets purged is determined by the results of multiple passes through the domain graphs configured for each pinnable root. The Account domain graph is a superset of the Policy domain graph, and the Policy domain graph is a superset of the PolicyTerm domain graph. The Contact domain graph, however, intersects with the other domain graphs but is not a superset of the Account domain graph.

Note: Even though policy period and policy term are pinnable roots, in the base configuration, PolicyCenter does not provide the ability to purge them directly. Personal data purge must get to them through a higher-level graph in the pinnable hierarchy.

The tree is constructed by using the pinnable hierarchy to determine the parents and children of each pinnable node. Starting from the specified start node, all its ancestors are included. For each of the descendants, if there are multiple parents, such as an account with multiple contacts, those parents will be included in the graph. Multiple parents are included because the ability of the parents to be destroyed can affect the start node and the purgeability of the children.

Purgeability for each node in the tree is then computed by performing a multi-step process for evaluating the nodes in the tree. Values are propagated to the appropriate ancestors, descendants, and siblings.

In the base configuration, PolicyPeriod and PolicyTerm are not destroyable if they have a sibling that is not destroyable.

Domain graphs are nested for Account, Policy, PolicyTerm, and PolicyPeriod. Consequently, purging at the account level removes roots below it and does not require an explicit call to each of the pinnable roots below the account. Based on the tree and ability of each node to be destroyed, the minimum set of roots necessary to purge all destroyable roots is calculated and stored in the tree.

The main place where you control which objects can be purged is your implementation of PersonalDataDestructionPlugin. In the class, you define MUST_NOT_DESTROY, MAY_DESTROY, and MUST_DESTROY return values for shouldDestroyObject methods.

The result of this process is one of the following values defined in PersonalDataPurgeStatus:

  • CompletePurgeExecuted
  • PartialPurgeExecuted
  • NothingPurged
  • ExceptionThrownOnPurge
  • PurgeHasNotBeenAttempted
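
The following added example is a simplified Python model of the evaluation described above, showing how one protected PolicyPeriod turns an account purge into a partial purge. It is not Guidewire code: plan_purge, its data layout, the upward propagation rule, and the mapping onto status names are assumptions made for illustration, and the Contact graph is left out.

```python
# Added illustration: a simplified model, not Guidewire code. Function and
# variable names are hypothetical; only the quoted constants come from the page.
MUST_NOT_DESTROY, MAY_DESTROY, MUST_DESTROY = "MUST_NOT_DESTROY", "MAY_DESTROY", "MUST_DESTROY"
SIBLING_BOUND = {"PolicyTerm", "PolicyPeriod"}  # kinds covered by the sibling rule
DIRECT = {"Account", "Policy"}  # terms and periods are only reached through these

def plan_purge(start, children, kinds, answers):
    """children: node -> child nodes; kinds: node -> entity kind;
    answers: node -> value a shouldDestroyObject-style check returned.
    MAY_DESTROY and MUST_DESTROY are treated alike in this model."""
    ok = {n: answers.get(n, MAY_DESTROY) != MUST_NOT_DESTROY for n in kinds}
    changed = True
    while changed:  # repeat passes until no node changes
        changed = False
        for node, kids in children.items():
            # Assumption: graphs are nested, so purging a node removes its
            # children; one protected child therefore blocks the parent.
            if ok[node] and not all(ok[k] for k in kids):
                ok[node], changed = False, True
            for k in kids:
                # Sibling rule: a term or period is blocked by a protected sibling.
                blocked = any(kinds[s] == kinds[k] and not ok[s] for s in kids)
                if ok[k] and kinds[k] in SIBLING_BOUND and blocked:
                    ok[k], changed = False, True
    parent = {k: p for p, kids in children.items() for k in kids}
    # Minimum roots: directly purgeable nodes not already covered by a parent.
    roots = sorted(n for n in ok if ok[n] and kinds[n] in DIRECT
                   and not ok.get(parent.get(n), False))
    # Assumed mapping of the outcome onto PersonalDataPurgeStatus names.
    if ok[start]:
        status = "CompletePurgeExecuted"
    elif roots:
        status = "PartialPurgeExecuted"
    else:
        status = "NothingPurged"
    return ok, roots, status

# Constructed sample: one account, two policies, one term each.
CHILDREN = {"A1": ["P1", "P2"], "P1": ["T1"], "P2": ["T2"],
            "T1": ["PP1", "PP2"], "T2": ["PP3"]}
KINDS = {"A1": "Account", "P1": "Policy", "P2": "Policy", "T1": "PolicyTerm",
         "T2": "PolicyTerm", "PP1": "PolicyPeriod", "PP2": "PolicyPeriod",
         "PP3": "PolicyPeriod"}

if __name__ == "__main__":
    # PP1 is protected (for example, still inside a retention window).
    print(plan_purge("A1", CHILDREN, KINDS, {"PP1": MUST_NOT_DESTROY}))
```

In the sample run, protecting PP1 blocks its sibling PP2, then T1, P1, and A1, so the only root left to purge is P2 and the account request ends as a partial purge.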
