Delete data when the user no longer works at the company or anonymize it.

itspezi1
Tera Guru

Hello everyone, how can we delete or anonymize the data if an employee leaves the company or makes a request to delete the data? Who has experience here?

5 REPLIES

dmathur09
Kilo Sage

Hi itspezi,

It is not recommended to delete the data in ServiceNow. As per the best practice that organizations follow, whenever an employee leaves, his/her account is inactivated and all the roles and groups need to be removed, so that he can no longer access his instance.

Regards,

Deepankar Mathur

Yes, how is the personal data made anonymous or deleted?

The issue with deleting a record is that, if you have created a record such as an incident record, then when the user is deleted the caller field will become empty, since the user record was deleted, and reporting will be affected.

I would suggest restricting the user data records to nobody. For example, create an ACL with the condition that if the user record is inactive, the role is set to nobody. Hence no one, not even admins, will be able to see the data once the user record becomes inactive.

Hope this information will be helpful.

Regards,

Deepankar Mathur

Robert Smith
Tera Expert

I've seen this implemented and have some thoughts that I can share.  

  • Delete is not toes over the edge, it is falling and gone. It is a better practice to inactivate a record if possible. Besides, "audits"... (already explained well by @Deepankar Mathur)
  • When a request is made, it would be good to have someone responsible and accountable to click the "I understand I'm going to nuke someone's account" button, and they practice this and see what happens in a test environment before pushing to prod.
  • If possible get more than one of the above. 
  • After approval, in the workflow build out your logic to remove groups/roles as needed. Removing these records (deleting) is normal behavior on the sys_user_grmember and sys_user_has_role tables, but... remove records in that order. Inactivate the user account, reset/scramble the password, set locked out to true.
  • Also note, be sure to only remove the records for the said user in the above-mentioned tables, otherwise, prod will be on fire after dropping all the groups for everyone. 
  • Then add catalog tasks to send to the service desk or group responsible to double down on checking this. 
  • Finally, send notifications to whoever needs them once the request has been completed. 
  • During the whole process, log your steps into the main record programmatically if possible, for example, if this was a standard request it would be on the sc_req_item table. 

Sadly some of the above lessons were hard learned, but the goal here is to express the importance of testing and providing fail-safes for yourself in the code to do these actions. 

Hope this helps
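
The removal sequence and fail-safes from the post above, sketched as a ServiceNow server-side script. This is an added example, not code from the thread: `offboardUser`, the `log` callback and passing the `GlideRecord` constructor in as `GR` are assumptions, and the password reset step is left out.

```javascript
// Added example: scoped offboarding for a single sys_user record.
// GR  - the GlideRecord constructor, passed in so the logic can be tested
//       off-instance (assumption of this example).
// log - hypothetical callback, e.g. one that writes a work note on the
//       sc_req_item record driving the request.
function offboardUser(GR, userSysId, log) {
  var id = String(userSysId);
  // Fail-safe 1: never build a query from an empty or malformed sys_id.
  if (!/^[0-9a-f]{32}$/.test(id)) {
    throw new Error('Refusing to run: invalid user sys_id');
  }
  var user = new GR('sys_user');
  if (!user.get(id)) {
    throw new Error('Refusing to run: user not found');
  }

  // Group memberships first, then roles (the order given in the post).
  var summary = {};
  ['sys_user_grmember', 'sys_user_has_role'].forEach(function (table) {
    var gr = new GR(table);
    gr.addQuery('user', id);
    gr.query();
    var removed = 0;
    while (gr.next()) {
      // Fail-safe 2: re-check each row so a dropped or ignored filter
      // cannot wipe memberships or roles that belong to other users.
      if (String(gr.getValue('user')) !== id) {
        throw new Error('Aborting: ' + table + ' returned a row for another user');
      }
      gr.deleteRecord();
      removed++;
    }
    summary[table] = removed;
    log(table + ': removed ' + removed + ' record(s)');
  });

  // Inactivate and lock the account instead of deleting it.
  user.setValue('active', false);
  user.setValue('locked_out', true);
  user.update();
  log('sys_user: set active=false, locked_out=true');
  return summary;
}
```

In a workflow script this would be called as `offboardUser(GlideRecord, userSysId, logFn)`, and it should be exercised on a test instance before it goes anywhere near prod.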