Educause Security Discussion mailing list archives
Re: Requests for record/data erasure
From: Jerry Tylutki <jtylutki () HAMILTON EDU>
Date: Mon, 1 Feb 2021 14:37:57 -0500
We fall in the category of responding with a GDPR template message asking for a GDPR compliant erasure request specifying the data fields to be deleted, relationship with the college, and proof of identity. No responses to date following the saymine requests. But I can appreciate the question. I received a request to stop snail-mail communication to an address through the PaperKarma app. There is no legal precedent to delete this (to my knowledge, IANAL); it becomes a moral/ethical question of what we can do when we receive requests. I see where Jonathan is looking - we are all going to see data privacy begin to become a much bigger part of our jobs, and understanding how other institutions are handling these requests is a great part of the conversation now. *-------* *Jerry TylutkiInformation Security Officer* *Hamilton College* *(315) 859-4289 -- office* ******The contents of this email are CONFIDENTIAL. If you have received this email by mistake, please notify the sender and delete the email and its contents.****** On Mon, Feb 1, 2021 at 2:32 PM Laura Raderman <lraderman () cmu edu> wrote:
We simply respond with “what law are you asking us to erase your data under?” And we haven’t heard any followup response from any of them…. Laura Raderman ISO Policy & Compliance Coordinator Carnegie Mellon University lraderman () cmu eduOn Feb 1, 2021, at 2:15 PM, Kimmitt, Jonathan <jonathan-kimmitt () UTULSA EDU> wrote:Hi all, We are receiving an increasing amount of ‘data erasure requests’, andI am wondering how other .edu’s are handling….One of the emails that we are specifically receiving is: ____________________________________________ Hello Utulsa (utulsa.edu), My name is *&*&*&*&*&* and I hereby request to erase all personal datathat you hold about me.Please send me an email confirmation of the complete and permanenterasure of the personal data once you have completed the erasure process.My personal details are: · Name: *&*&*&*&*&*&* · Email: *&*&*&*&*&*&*& As evidence of my interaction with your company, I received an email on2018 March 19 that indicates that you are holding personal data about me.Companies: For additional context to complete this DSR, *&*&*&*&*&*&*&*& Thanks, *&*&*&*&*&*&*& ____________________________________________ Ignoring the validity of the email, I’m curious to if anyone has anyspecific policies that deal with requests for erasure from a data subject, who are not otherwise under GDPR scope…..Thanks all! -Jonathan ~ Jonathan Kimmitt CISSP, FIP, CDPSE, CIPP/E, CIPM, CIPT, GLEG, GPEN, GSNA, PCIP, CEH Chief Information Security Officer Information Technology The University of Tulsa 918.631.2743 ********** Replies to EDUCAUSE Community Group emails are sent to the entirecommunity list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- Requests for record/data erasure Kimmitt, Jonathan (Feb 01)
- Re: Requests for record/data erasure Francisco Chavez (Feb 01)
- Re: Requests for record/data erasure Kimmitt, Jonathan (Feb 01)
- Re: Requests for record/data erasure Laura Raderman (Feb 01)
- Re: Requests for record/data erasure Jerry Tylutki (Feb 01)
- Re: Requests for record/data erasure Francisco Chavez (Feb 01)