Data Privacy - Redact Functionality

Important: This feature is available to Level 1 users only.

In RiskRate, Level 1 (administrator) users have the ability to redact personally identifiable information (PII) found in “Person” third party entities, as well as Additional Entities. Please note the following regarding the redact functionality:

  • Functionality must be turned on per customer (contact NAVEX Customer Support by submitting a request in the Community to enable)
  • Currently applies to Person-type third parties only

Redact Third Party Person

Important: All reports must be finalized for a third party person before they can be properly redacted. If necessary, see “View, Modify, or Delete (Cancel) a Screening Request” to delete/cancel a screening prior to redaction.

The following actions occur after confirming the third party Person redaction:

  • Third party is inactivated
  • Monitoring is turned off for the third party and for any additional entities entered into any screening requests for this third party
  • Third party is disassociated from the third party contact
  • All report PDFs are deleted

    Note: A history of the reports remains for invoice purposes

  • All uploaded Files are deleted
  • All existing Notes are deleted

    Note: A new Note is added to describe the redaction

  • All Task Assignments are deleted
  • All Messages are deleted
  • All existing audit information is deleted

    Note: A new audit record is added to describe the redaction

  • Third party information is redacted, except for “Third Party ID”
  • Additional Entity information is redacted, including any associated report(s)

A third party person can be redacted directly from the My Third Parties grid, or from the Edit Third Party page.

 

To redact from the My Third Parties grid:

  1. From the sidebar menu, click Third Parties.
  2. Click next to the Third Party to redact and then select Redact Entity.

  3. Click Redact at the confirmation window that displays.

    A success message displays at the top of the screen. The third party person is redacted.

    You can click the Third Party Name and it will show that the third party has been redacted. See below for an example of a profile before and after redaction.

To redact from the Edit Third Party page:

  1. From the My Third Parties grid, click the Third Party Name of the person, and then click the edit icon .

    The Edit Third Party Information displays.

  2. Click Redact Third Party, which is located at the bottom of the page:

  3. Click Continue to confirm.

The third party person is redacted. See the following example of a profile before and after redaction.

Example

Below is an example of a third party person profile before and after redaction.

  • Before redaction, the third party person “John R Doe“ had 1 requested report, 1 uploaded report, 1 task, 2 notes, 1 uploaded file, 1 message thread, and 0 additional entities (see the badge counts for each). Additionally, the user can click on the Report Status links to view the report PDFs:

  • Before redaction, John R Doe’s profile is populated with all data points available, including address information, additional information, and contact information:

  • After redaction, the PII fields are redacted with ‘*****’, the Third Party ID is left intact, the profile cannot be edited (no edit icon), and even though there is a list of the requested reports, there is no longer a link to the associated PDFs:

  • Also, after redaction, the Files, Tasks, Messages are deleted (badge counts are zero). Any existing Notes are also deleted, but new Notes describing the redaction are added:

  • Before redaction, this is how the third party appears in the My Third Parties grid:

  • After redaction, this is how the third party appears in the My Third Parties grid:

Redact Additional Entities

In addition to being able to redact a "Person" third party entity, Level 1 users can also redact "Person" Additional Entities. These are found in the Third Party Details page on the Additional Entities tab, as well as the Additional Entities page (see Use the Additional Entities List for more information).

The following actions occur after confirming the Additional Entity redaction:

  • Monitoring is turned off and all PII is removed for the selected additional entity
  • RiskRate generated reports related to this entity are deleted, although you will still be able to see which reports were requested
  • Uploaded files and reports related to this entity are deleted
  • If any of the deleted reports include other entities, they will continue to be monitored
  • Entity information is redacted

To redact Additional Entities from the tab:

  1. From the My Third Parties grid, click the Third Party Name of the person.
  2. Click the Additional Entities tab. The tab shows the number of Additional Entities for the third party.
  3. Click next to the Additional Entity to redact.

    Note: Disable Monitoring will not appear if the third party or person is not currently monitored.

  4. To proceed, click Redact Entity. A confirmation window displays.
  5. Click Continue to proceed. Otherwise, click Cancel.

    Once redacted, it will look like the example below:

To redact from the Additional Entities page:

  1. From the sidebar menu, click Additional Entities.
  2. Click the icon next to the Entity Name and then select Redact Entity.

    Note: The icon will not appear if there are no actions that can be taken (e.g., the entity already been redacted, monitoring is already disabled, and entity cannot be connected due to permission or feature level).

  3. From the Redact Additional Entity confirmation that displays, click Redact. Otherwise, click Cancel.

    A success message displays at the top of the screen. The page refreshes with the additional entity no longer visible.