Question
When a customer deselects one of two accounts for which data sharing consent was provided, should the CDR data be marked for deletion? If the ADR has a snapshot of the deselected account, should the ADR delete that account data?
Answer
De-identification and deletion rules are triggered when an event makes data redundant. Removal of access to an account could be such an event. However, if there is an ongoing consent to use, or another reason for data retention, then de-identification or deletion is not required.
De-identification and deletion largely depend on the implementation of the ADR service and the consents provided by the consumer.
Comments
0 comments
Please sign in to leave a comment.