Sonian/Barracuda has made a recent change to the View Archive product.
The Change: Barracuda is removing the Deletion Tool from the View Archive.
What is the Deletion Tool?: This Deletion tool was added as a feature when GDPR came out to help enable customer’s compliance with GDPR. It enabled customers to delete individual emails from the archive. This feature was not on by default but could be requested to be turned on through our support team with multiple levels of approval. Customers will no longer be able to request activation of the deletion tool moving forward.
Why did we make this change?: After a recent compliance assessment performed by our Legal Team, it was determined that Barracuda needed to disable The Deletion Tool feature to maintain FINRA compliance with SEA Rule 17a-4(f)(2)(ii).
Will my customers still be GDPR Compliant?: We understand there may be concerns, here is our statement on the situation:
Under Article 17 of the GDPR, individuals have the right to have personal data erased in certain circumstances. The GDPR provides for certain exceptions, e.g., compliance with a legal obligation; establishment, exercise or defense of legal claims, and archiving purposes in the public interest. In any event, it is the controller which shall assess the appropriate exemptions and not Barracuda. The position taken by the UK Data Protection Authority (available here) is that the retention of personal data within an archive for a certain period of time until it is overwritten should not pose a significant risk provided that the data stored in the archive are put “beyond use”. Ultimately however, this analysis should remain under the responsibility of the customer, acting as Controller, and Barracuda is unable to provide guidance on the use of the customer’s archived data and the appropriate exemptions to the right to erasure.
What action do I need to take:
For the majority of clients, there is no additional action required. If a client does have concerns, especially around GDPR, direct them to the UK Data Protection Authority guidelines, linked above, for GDPR requirements describing “Beyond Use” exceptions. They will need to assess their risk or ability to meet those requirements.
Please Note: This was not a feature that was visible on any customer's archive dashboard. In the past if a customer had a need to remove a message from the archive Sonian would require a letter from the CEO or legal representative of the company requesting this as well as acknowledging that the archive would no longer be compliant. Once received Sonian would then be able to turn this functionality on from their side which enabled the customer to delete messages. Once the customer was finished Sonian would then disable that functionality.
Carlos Rios
Comments