eADM

Deleting Personal Data and Activity History from Deactivated Users

When employees leave an organization, their user accounts are deactivated rather than deleted. Those deactivated accounts remain in the system, still holding personal information and activity history, until someone deletes them manually. However, permanently deleting a user account causes significant problems of its own.

This article explains the issues with permanent deletion and how the data purge feature offers a secure and practical alternative for managing the user accounts of former employees.


The challenge of deleting user accounts

Deleting a user account entirely is problematic for several reasons:

  • Prevents user restoration: If a former employee is rehired, the account cannot be restored with its original username and email address, because those values were deleted along with it.

  • Creates a risk of identifier reuse: The system loses all record of critical identifiers such as usernames, User Principal Names (UPNs), and email addresses. Nothing then stops these unique identifiers from being assigned to a new user, which creates conflicts with records that still refer to the original holder.

At the same time, leaving deactivated accounts in the system indefinitely poses a security and privacy risk, as they contain a significant amount of personal data.


The data purge feature

To address this, we have developed a data purge feature that offers a better alternative to permanent deletion.

After a user account has been deactivated for a pre-configured number of days (the "quarantine period"), a purge process runs automatically. It removes the personal data and activity history from the account while keeping the identifiers needed to block reuse, so the account remains as a placeholder that reserves its username, employee ID, and email address.


What data is deleted?

The purge process removes the following information associated with the deactivated user account:

  • All personal data, except for the identifiers required to prevent reuse (username, employee ID, and email address).

  • A complete history of access rights that were granted, modified, or revoked.

  • A complete history of group memberships that were granted, modified, or removed.

  • A complete history of changes related to job titles, employment status, and leaves of absence.
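The following is an added illustration of the purge model described above, not eADM's own code: a deactivated account that has passed its quarantine period is reduced to a placeholder holding only the reserved identifiers, and a reuse check consults those placeholders before a new user is created. The in-memory dictionary standing in for the user directory, the field names, the 90-day quarantine value, and the sample accounts are all assumptions made for the example; the real quarantine period is configured per environment.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import Dict, List, Optional

# Assumed quarantine period for the example; in eADM this is configured per environment.
QUARANTINE_DAYS = 90
# Fixed "today" so the demonstration is reproducible (constructed value).
DEMO_TODAY = date(2024, 6, 1)


@dataclass
class Account:
    # Identifiers that survive the purge so they can never be reassigned.
    username: str
    employee_id: str
    email: str
    status: str = "active"                 # "active" | "deactivated" | "purged"
    deactivated_on: Optional[date] = None
    # Everything below is removed by the purge.
    personal: Dict[str, str] = field(default_factory=dict)
    access_history: List[str] = field(default_factory=list)
    group_history: List[str] = field(default_factory=list)
    employment_history: List[str] = field(default_factory=list)


def due_for_purge(acct: Account, today: date, quarantine_days: int) -> bool:
    """True once a deactivated account has been in quarantine for the configured period."""
    if acct.status != "deactivated" or acct.deactivated_on is None:
        return False
    return today - acct.deactivated_on >= timedelta(days=quarantine_days)


def purge(acct: Account) -> None:
    """Strip personal data and all history in place; keep only the reserved identifiers."""
    acct.personal.clear()
    acct.access_history.clear()
    acct.group_history.clear()
    acct.employment_history.clear()
    acct.status = "purged"


def run_purge(directory: Dict[str, Account], today: date,
              quarantine_days: int = QUARANTINE_DAYS) -> List[str]:
    """Purge every account whose quarantine has elapsed; return the purged usernames."""
    purged = []
    for acct in directory.values():
        if due_for_purge(acct, today, quarantine_days):
            purge(acct)
            purged.append(acct.username)
    return purged


def identifier_conflicts(directory: Dict[str, Account], username: str,
                         employee_id: str, email: str) -> List[str]:
    """Identifiers already held by any account, purged placeholders included."""
    taken = set()
    for acct in directory.values():
        if acct.username.lower() == username.lower():
            taken.add("username")
        if acct.employee_id == employee_id:
            taken.add("employee_id")
        if acct.email.lower() == email.lower():
            taken.add("email")
    return sorted(taken)


def sample_directory() -> Dict[str, Account]:
    """Constructed sample accounts for the demonstration (not real people)."""
    return {
        # Deactivated 138 days before DEMO_TODAY: past quarantine, will be purged.
        "jdoe": Account("jdoe", "E1001", "jdoe@example.com", status="deactivated",
                        deactivated_on=date(2024, 1, 15),
                        personal={"phone": "+1-555-0100", "home_address": "1 Example St"},
                        access_history=["2021-03-01 granted: finance-app"],
                        group_history=["2021-03-01 added: finance-users"],
                        employment_history=["2021-03-01 hired as Analyst"]),
        # Deactivated 31 days before DEMO_TODAY: still in quarantine, untouched.
        "asmith": Account("asmith", "E1002", "asmith@example.com", status="deactivated",
                          deactivated_on=date(2024, 5, 1),
                          personal={"phone": "+1-555-0101"},
                          access_history=["2022-06-01 granted: hr-portal"]),
        # Active account: never considered for purge.
        "bwu": Account("bwu", "E1003", "bwu@example.com",
                       personal={"phone": "+1-555-0102"},
                       access_history=["2023-01-10 granted: wiki"]),
    }


if __name__ == "__main__":
    directory = sample_directory()
    print("purged:", run_purge(directory, DEMO_TODAY))
    print("jdoe after purge:", directory["jdoe"])
    print("reuse check for jdoe@example.com:",
          identifier_conflicts(directory, "newuser", "E2000", "jdoe@example.com"))
```

The point of the placeholder is visible in the last call: long after jdoe's personal data and access history are gone, creating a new user with jdoe@example.com is still refused, which is exactly what full deletion would have allowed. The quarantine check compares against a fixed date here; a scheduled job would pass the current date instead.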


How to enable the purge feature

We recommend that all customers enable this feature. It stops the personal data of former employees from accumulating indefinitely, which supports data-minimisation obligations and good data hygiene.

To enable this feature, contact Identum Support and specify the quarantine period you require. We will then configure this setting for your environment.


Note: The purge is permanent. Once the quarantine period has elapsed, the removed access-rights, group-membership, and employment history cannot be recovered, so choose a quarantine period no shorter than the time your auditing or security-review processes may still need that history.