“Shredding” Personally Identifiable Information from Contact Records
Paper-based files of all sorts—bank statements, tax records, pay stubs, receipts—can typically be destroyed after a period of time when they will no longer be needed. Depending upon an organization’s internal policies and the laws and regulations by which they must abide, not-for-profit organizations may choose to shred some or all client files after a period of time as well.
With paper files now being digitized, and new data usually collected electronically, the concept of “shredding” takes on new meaning. Instead of literally shredding paper through a machine, electronic files are permanently deleted and erased from storage, whether they be on a hard drive or in the cloud.
One of the best practices seen highlighted within regulations such as GDPR is that an organization should only collect the data that is absolutely necessary for service delivery, especially if that data could be used to identify someone. So, unless it is essential for your organization to collect data such as a person’s name, phone number, social security number, etc. in order to carry our your work, it’s best to never collect it at all.
When you’re speaking over the phone with a person in need, you have control over whether or not to record information shared during the conversation inside your contact management system. However, if you’re communicating by Live Chat or SMS/Text Message, the person in need may share personal information with you that’d you’d prefer not be permanently documented, and if transcripts are automatically generated and stored, that private and personally identifying information may be stored whether you like it or not.
In iCarol, you have the choice whether or not your Live Chat and SMS/Texting transcripts are brought into your contact management system, or if they disappear immediately after the conversation ends, protecting personally identifiable data and allowing your organization to align such data collection and storage with your own internal policies. Further, organizations who wish to keep this information long enough for supervision purposes, but do not wish to retain it long term, have many options within the system to decide when to destroy the information. The capability to electronically “shred” potentially identifying information from your iCarol Contact Records is applied to any documentation recorded in your forms, whether it be data from calls, walk-in visits, chats, SMS/text conversations, public website intake forms, or any other interactions you document.
What gets “shredded?”
We understand that most organizations will wish to keep the data that isn’t classified as personally identifiable information, for instance demographics, issues or needs, and other non-identifying data that is important for reporting purposes. If you choose to utilize the automatic shredding function within iCarol, only certain areas of your Contact Records are effected. Text-entry fields where you might enter names, addresses, phone numbers, contact notes, etc. are deleted. Drop-down, check box, and other pick list type data is retained. For a full explanation of how to set these preferences, as well as more detailed information about what is deleted or retained, customers can sign in to iCarol, navigate to the “Help” section, and search for “Shred” within our help articles. If you’re not yet a customer and interested in learning more, please contact us!
Tags: data collection, data management, data protection, GDPR, privacy
