Deleting personal data

OneSpan Risk Analytics provides the PL/SQL procedure DeletePersonalData to delete data stored in the OneSpan Risk Analytics database.

This data comprises all the personal data of a digital banking service user:

  • Information on the relationship, i.e. the user of the digital service.
  • Information on the relationship accounts.
  • All events, transactions, and non-monetary events received from this relationship.
  • Information on the events related to this relationship, and the rule processing applied to those events (matches, executed workflows, decision actions etc.).
  • All alerts generated by events received from this relationship.
  • All actions taken via the OneSpan Risk Analytics (alerts completion and status, memo etc.) for this relationship.
  • All machine learning factors extracted from events received from this relationship.

Deleting personal data

To delete personal data

  1. To delete personal data for a user of the digital banking service, enter execute DeletePersonalData('[LAB_SEC]', '[REL_REF]');

    where [LAB_SEC] is the label security, i.e. the name the OneSpan Risk Analytics environment, and [REL_REF] is the relationship reference of the relevant user.

    execute DeletePersonalData( 'CORP99', 'RS02_20180509175325');

  2. To confirm the data deletion, use the COMMIT command.

    The result of this procedure is the number of rows deleted in each affected table.

The following SQLPlus script sample connects to the OneSpan Risk Analytics database, deletes the data for the digital banking user belonging to the label security provided as an input parameter, commits the changes, and exits.

Deletedata.sql:

  1. SET SERVEROUTPUT ON
  2. EXECUTE DeletePersonaldata('&1','&2');
  3. COMMIT;
  4. DISCONNECT
  5. EXIT

Command line:

sqlplus IRM/irm@localhost:1521/orcl @deletedata.sql DBANK Custo2 > delcusto2.txt

In this example, the command executes the deletedata script for a digital banking user referenced by Custo2 in the DBANK environment; the Oracle connection uses the IRM user and irm password, on port 1521 for SID orcl. The output information is written to the delcusto2.txt file.

Affected tables

Personal data is deleted from the following tables:

  • BENEFICIARY
  • CORP_BANKING_FACTORS
  • CORPORATE_USER
  • CUSTOMER
  • DEVICE
  • EVENT
  • E_BANKING_FACTORS
  • M_BANKING_FACTORS
  • PT_ACCOUNTS
  • PT_APPLICATIONS
  • PT_DECISION_CAMPAIGN_AUDIT
  • PT_DECISION_DIVISION_AUDIT
  • PT_DECISION_HIERACHY_INSTANCE
  • PT_DECISION_LOOKUP_RECORDS
  • PT_DECISION_MATCHES
  • PT_DECISION_RULE_AUDIT
  • PT_IAS_NOTIFICATION
  • PT_NON_MON_EVENTS
  • PT_Q_RECORDS
  • PT_Q_REJECTS
  • PT_RELATIONSHIPS
  • PT_SR_CODES
  • PT_TXN
  • PT_TXN_STAGING
  • PT_USER_EVENTS

Related Tasks

Encrypting Data at Rest

Encrypting Data in Transit

Deleting the Log File

Exporting Personal Data

Additional references

The General Data Protection Regulation (GDPR)