Skip to main content
All CollectionsIntegrationsPeople Integration
PlusPlus User Deprovisioning and Data Management Guide
PlusPlus User Deprovisioning and Data Management Guide

User Deprovisioning and Data Management overview

Michael Wallace avatar
Written by Michael Wallace
Updated over 9 months ago

Overview

This guide provides detailed insights into the user deprovisioning process on PlusPlus, highlighting the steps taken to manage user access and ensure data privacy and compliance. It is designed to assist administrators in navigating the platform's settings and processes related to user data handling.

User Deprovisioning Process

Immediate Actions Following User Removal

Upon the removal of a user through people integration, PlusPlus takes several immediate steps to comply with GDPR and other data protection regulations:

  • Anonymization of User Data: To comply with GDPR, we anonymize the user's Personal Identifiable Information (PII), such as their name and email address. This means that while the user's data remains on the platform, it is stripped of any identifying details, differentiating from deletion where all user data is removed.

  • Event and Program Unenrollment: Users are automatically withdrawn from future events and programs. Specifically:

    • Upcoming sessions they were hosting are deleted.

    • They are unenrolled from all future sessions they planned to attend, making these spots available to other users.

    • They are removed from roles as presenters, organizers, or co-organizers in upcoming events.

Transition Period Before Full Deprovisioning

After the SCIM integration notifies us of a user's status change, the user immediately loses access to PlusPlus. However, their account is not instantly deprovisioned. We enforce a default quarantine period of 7 days, which administrators can adjust in Settings > Privacy, to allow for any necessary adjustments or reviews before finalizing the deprovisioning.

Managing Personal Identifiable Information Post-Termination

In alignment with data protection standards, we ensure that an employee's PII is securely deleted within a maximum of 30 days following their termination. This practice safeguards personal data and supports our commitment to privacy and compliance.

Distinction Between Deprovisioning and Deletion

It's important to understand the difference between deprovisioning and deletion. Deprovisioning involves making a user's PII anonymous within the platform, effectively obscuring their identity without erasing their historical data. This allows for continued access to engagement records and reporting accuracy. In contrast, deletion permanently removes all traces of a user from PlusPlus. This action is generally reserved for when a customer fully exits the platform.

Administrators can verify their current settings regarding user deprovisioning versus deletion in the Security > Privacy section of the admin settings. This section also details how access to PlusPlus is managed following the disabling of a user's login capabilities by an SSO provider, including the retention period for the user's PII.

Engagement Records of Deprovisioned Users

To maintain accurate reporting and insights, PlusPlus retains the engagement records of deprovisioned users. This approach ensures that historical data, such as course completions, remains intact and reflective of actual user engagement. Administrators can access this data by filtering for terminated users, using the employee ID to locate specific records.

Calendar Events Ownership Post-Deprovisioning

If calendar integration is active, special consideration is given to the ownership of calendar events. To prevent outdated or duplicated calendar events following a user's deprovisioning, PlusPlus automatically reassigns event ownership according to a set hierarchy: Organizer, Co-organizers, and Presenters. A fallback email for event ownership can also be configured in Settings > Calendar Integrations, ensuring that events remain up-to-date and accessible.

Conclusion

This guide outlines the processes and considerations for user deprovisioning and data management on PlusPlus. By following these guidelines, administrators can effectively manage user access, ensure compliance with data protection regulations, and maintain the integrity of engagement data and reporting. For additional support or clarification on these processes, administrators are encouraged to consult PlusPlus Data Policy or contact [email protected].

Did this answer your question?