Re: Best practice or process when honoring an EU lead's request to be removed from the database

Jamie_Hunter
Level 3

When an EU lead asks to be erased from the database, is there a best practice to abide by other than simply deleting the person from each system that stores data on the individual (Marketo, CRM)?

Amy_Goldfine
Level 10 - Champion Alumni

With the caveat that we have a pretty robust InfoSec team and policy, this is our process:

1. Person emails privacy@, or whoever in the company received the initial request forwards to privacy@

2. Privacy@ triggers a Jira ticket, which is managed by an InfoSec team member

3. Team member verifies the legitimacy of the person/request

4. Person emails alias forgetme@, which has representatives from all business system stakeholders: Marketo, SFDC, Heap Analytics, and our own app

5. Members of forgetme@ each delete the person from their system, and reply-all back to forgetme@

6. Privacy@ confirms deletion with requestor

Amy Goldfine
Marketo Champion & Adobe Community Advisor
Grégoire_Miche2
Level 10

Well,

That's roughly what "erase data" means, doesn't it?

You could anonymize it, but you need to know that it's impossible to fully anonymize a lead in Marketo.

Vote here:

-Greg

Josh_Hill13
Level 10 - Champion Alumni

You should discuss this with your legal team. Some issues that come up are:

  • Remove it from all systems.
  • Record that you did the deletion
  • Confirming with the requestor
  • Is the requestor authorized to request this?
  • Can you back up the person offline just in case?

Jamie_Hunter
Level 3

Thanks Josh. I'll reach out to my legal team to confirm some of those items/issues.