1 of 1 people found this helpful
you should discuss this with your legal team. Some issues that come up are:
- Remove it from all systems.
- record that you did the deletion
- confirming with the requestor
- is the requestor authorized to request this?
- can you backup the person offline just in case?
Thanks Josh. I'll reach out to my legal team to confirm some of those items/issues.
That's roughly what "erase data" means, doesn't it?
You could anonymize it, but you need to know that it's impossible to fully anonymize a lead in Marketo.
With the caveat that we have a pretty robust InfoSec team and policy, this is our process:
1. Person emails privacy@, or whoever in the company received the initial request forwards to privacy@
2. Privacy@ triggers a Jira ticket, which is managed by an InfoSec team member
3. Team member verifies the legitimacy of the person/request
4. Person emails alias forgetme@, which has representatives from all business system stakeholders: Marketo, SFDC, Heap Analytics, and our own app
5. Members of forgetme@ each delete the person from their system, and reply-all back to forgetme@
6. Privacy@ confirms deletion with requestor