Right to be Forgotten - rtbf.exe

Name

rtbf - YSoft SafeQ 6 GDPR Right to be Forgotten CLI

Synopsis

rtbf [-u login] [-n] [-r] [-V] [-l logFileName] [--log-file-trace logFileName] [--log-file-debug logFileName] [--log-file-info logFileName] [--log-file-warning logFileName] [--log-file-error logFileName] [--log-file-critical logFileName] [--version]

Description

YSoft SafeQ 6 - GDPR Right to be Forgotten CLI. Allows an administrator to execute a Data Subject's right to be forgotten. The program works by anonymizing all references to structured and unstructured data within the YSoft SafeQ 6 databases related to the user. The application must be run on one of the YSoft SafeQ 6 Management servers, as it references the configuration files to connect to the database.

Tables impacted include:

  • Print Jobs: Job titles, file names, and origins will be changed to <DELETED>. Favorited jobs will be un-favorited.

  • Cards: Cards and PINs associated with the Data Subject will be removed.

  • Aliases: Any aliases will be removed.

  • PIN History: If PIN history is enabled, all records of a Data Subject's PIN history will be removed.

  • Roles: If the Data Subject has any roles specifically associated with them, they will be disassociated from them

  • Terminal Accesses: Any records of accessing terminals will be removed.

  • Email Stats: Any scheduled statistics and counter reports to be sent to the data subject will be removed.

  • Data Warehouse: References to the Data Subject in the Data Warehouse and the DataMart will be anonymized

  • User: Name, surname, home directory, email, password (if relevant), extended ID, and notes will be cleared out. The login will be anonymized, and the source

The Data Subject's user login is anonymized, but still unique. All anonymized users will have a login of "DELETED_" followed by a large random number. Due to the uniqueness of each customer environment and identity management systems, it may still be possible to identify a Data Subject using knowledge aggregated from systems outside of YSoft SafeQ. As an example, a user may be the only member of a Cost Center, or may have been known to be the only person to print at a specific time.

Records in log files on YSoft SafeQ servers will not be anonymized. However, the logs will be rotated out and the user will eventually have their data removed. Any previously exported reports will also not be anonymized.

Options

-n, --no-prompt Do not prompt for confirmation

-u, --user <login> User to remove from the system

-r, --random-retries <Number> The number of times to generate a random number until failure. Default 1000.

-V, -VV, -VVV Increase logging level to (-V) INFO, (-VV) DEBUG, or (-VVV) TRACE.

-l, --log <logFileName> Specify the log file where output will be sent

--log-file-trace <logFileName> Specify the log file where trace level logging will be sent

--log-file-debug <logFileName> Specify the log file where debug level logging will be sent

--log-file-info <logFileName> Specify the log file where info level logging will be sent

--log-file-warning <logFileName> Specify the log file where warning level logging will be sent

--log-file-error <logFileName> Specify the log file where error level logging will be sent

--log-file-critical <logFileName> Specify the log file where critical level logging will be sent

--version Print version and exit

Running in unattended mode

rtbf -n -u <login>

If a batch of requests need to be processed, the above statement will not require any prompt to complete the action, and will supply the name. Specifying a log file will allow an Administrator to check on the success or failure of each individual request by using the -l <logFIleName> attribute.