Announcements

All conversations in the Archive Forum are read only. For active conversations, please visit our All Forums page to post a topic or response.


Highlighted
New Contributor

How do I delete a file stored in Box and comply with data privacy requirements?

We are getting data as part of a data processing agreement with a third party. One of the conditions we will have is that we delete all data we have been given at the request of the data provider. The data is de-identified and the only way we can comply with a data subjects desire to have their data deleted is to remove all data and be issued with a new dataset by the data provider. If  the data is stored in Box how can we know that we have complied with the data processing agreement when and if we delete a dataset?

Highlighted
Box Employee

Re: How do I delete a file stored in Box and comply with data privacy requirements?

Hi @denispttrsn!

 

Please take a look at our Community Article on Managing Trash to get a better understanding of the differences between items in the Trash and items that are permanently deleted. Items that are moved to the trash have the option to be permanently deleted and will be unable to be accessed or recovered by any user.

 

I hope that this answers your question, but please let the community know if it doesn't! 

Highlighted
New Contributor

Re: How do I delete a file stored in Box and comply with data privacy requirements?

Hi @alexrm ,

 

Thanks for the reply.  Does the use in the statement "permanently deleted and will be unable to be accessed or recovered by any user" include privileged users? Is a deleted file unrecoverable or are there circumstances where by a file can be recovered? If so what are the circumstances and what privilege is required?

Highlighted
Box Employee

Re: How do I delete a file stored in Box and comply with data privacy requirements?

Hi @denispttrsn!

 

In this context, "users" means all users, included managed users, Co-Admins, and Admins. Once the file has been permanently deleted from the trash, there is no way for any user at any level to recover the file directly from within Box. There are circumstances by which Admins and Co-Admins can contact Box Product Support to recover a file that was permanently deleted within 14 days of its deletion, though we're unable to guarantee recovery after that time period.

 

If you wish to not have this recovery option be used, I recommend reaching out to your enterprise's CSM to add this to your notes as an extra precaution.

Highlighted
New Contributor

Re: How do I delete a file stored in Box and comply with data privacy requirements?

Hi @alexrm,

 

Thanks. So effectively the file is recoverable for 14 days by support and  effectively inaccessible once permanently deleted to all except support. After 14 days it is unrecoverable once permanently deleted. I think this meets the requirements for deletion from a privacy perspective while allowing for recovery from deletion mistakes.