Removing Deactivated User PII

Overview

General Data Protection Regulation (GDPR) adherence raises the possibility that Secret Server users may make a data removal claim against a Secret Server administrator. This requires removing any personally identifiable information (PII) in Secret Server for that individual.

To address this, Secret Server has a button that automatically removes most PII for any deactivated user.

Removing the PII

  1. Remove the user from Active Directory (AD). See Active Directory Considerations below.

  2. In Secret Server, go to Administration > User Management and select the Users tab.

  3. Click the user name link for the desired user. The View User Page appears.

  4. Click the Remove Personally Identifiable Information button. A confirmation dialog box appears.

    Once you confirm, the user cannot log on to Secret Server. Click the Cancel button if you are not positive this is what you want to do.

    Clicking the OK button will change these to random values or set them to null:

    • Username
    • Display name
    • Password
    • Personal folder name
    • Personal group name
    • RADIUS username

    In addition:

    • The user's AD GUID is cleared
    • The user's email address is removed from their record
    • The user's name is replaced with "<redacted>" in event audits where it can be clearly identified.
    • The PII removal is recorded in the user's audit

  5. Click the OK button. The removal begins. Once complete, the Remove PII button disappears for that user.

  6. (Optional) Run a query that scans the entire Secret Server database for the removed strings. You may want to do this because the process cannot find all potential instances of USER PII throughout Secret Server, such as that in secret names or notes.

You can create an Event Subscription to "remove user PII" events.

Active Directory Considerations

We recommend removing the user from AD before removing the PII. If you remove the PII without first removing the user from AD, the user is reintroduced into Secret Server on subsequent AD synchs. This creates a new user account in Secret Server, which might require you to disable this new user account and remove its PII too (after removing the AD user).