Re: Requests for record/data erasure

[Jerry Tylutki <jtylutki () HAMILTON EDU>]

We fall in the category of responding with a GDPR template message asking
for a GDPR compliant erasure request specifying the data fields to be
deleted, relationship with the college, and proof of identity. No responses
to date following the saymine requests.

But  I can appreciate the question. I received a request to stop snail-mail
communication to an address through the PaperKarma app. There is no legal
precedent to delete this (to my knowledge, IANAL); it becomes a
moral/ethical question of what we can do when we receive requests. I see
where Jonathan is looking - we are all going to see data privacy begin to
become a much bigger part of our jobs, and understanding how other
institutions are handling these requests is a great part of the
conversation now.

*-------*

*Jerry TylutkiInformation Security Officer*
*Hamilton College*

*(315) 859-4289 -- office*

******The contents of this email are CONFIDENTIAL. If you have received
this email by mistake, please notify the sender and delete the email and
its contents.******


On Mon, Feb 1, 2021 at 2:32 PM Laura Raderman <lraderman () cmu edu> wrote:

> We simply respond with “what law are you asking us to erase your data
> under?” And we haven’t heard any followup response from any of them….
>
> Laura Raderman
> ISO Policy & Compliance Coordinator
> Carnegie Mellon University
> lraderman () cmu edu
>
> > On Feb 1, 2021, at 2:15 PM, Kimmitt, Jonathan <
> jonathan-kimmitt () UTULSA EDU> wrote:
> > Hi all,
> >
> >   We are receiving an increasing amount of ‘data erasure requests’, and
> I am wondering how other .edu’s are handling….
> > One of the emails that we are specifically receiving is:
> > ____________________________________________
> >
> > Hello Utulsa (utulsa.edu),
> >
> > My name is *&*&*&*&*&* and I hereby request to erase all personal data
> that you hold about me.
> > Please send me an email confirmation of the complete and permanent
> erasure of the personal data once you have completed the erasure process.
> > My personal details are:
> >
> > ·         Name: *&*&*&*&*&*&*
> > ·         Email: *&*&*&*&*&*&*&
> >
> > As evidence of my interaction with your company, I received an email on
> 2018 March 19 that indicates that you are holding personal data about me.
> > Companies: For additional context to complete this DSR, *&*&*&*&*&*&*&*&
> >
> > Thanks,
> > *&*&*&*&*&*&*&
> >
> > ____________________________________________
> >
> >
> > Ignoring the validity of the email, I’m curious to if anyone has any
> specific policies that deal with requests for erasure from a data subject,
> who are not otherwise under GDPR scope…..
> > Thanks all!
> >
> >
> >
> > -Jonathan
> >
> > ~
> > Jonathan Kimmitt
> > CISSP, FIP, CDPSE, CIPP/E, CIPM,
> > CIPT, GLEG, GPEN, GSNA, PCIP, CEH
> > Chief Information Security Officer
> > Information Technology
> > The University of Tulsa
> > 918.631.2743
> >
> > **********
> > Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
> >
>
>
> **********
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community