Handling Personally Identifiable Information

What are best practices and patterns available within Fauna to handle PII and related actions which would be taken? For example with GDPR we have “right to be forgotten” in which case we would need to delete all, including historic, references to names/addresses/etc in our data sources (aka. Fauna). Is there a way of easily tagging such documents and fields and easily wiping historic data? I’m particularly interested here in relation to temporal queries.

Hi Chris,

I don’t know of an officially recommended way to handle this, but some things you might do would be:

  • Include an attribute of {gdpr: [true|false]} on your documents, allowing you to match any that have that set to true for special handling. You don’t need to include ones that will be false as null values would be skipped in the next step, but definitely set any that do need GDPR compliance with true.
  • For any documents with {gdpr: true}, use Events() to get a list of all events on the document and then use Remove() to remove that history.

Please see our documentation on temporality and both Events() and Remove() for more details.