Skip to main content
Skip table of contents

Purging Personal Data and History from Deactivated Users

When employees leave an organization, their user accounts are deactivated. These accounts remain in the system, containing personal information, until they are manually deleted. However, permanently deleting user accounts can create significant issues.

This article explains the problems with permanent deletion and how the data purge feature provides a secure and practical alternative for managing the user accounts of former employees.

The challenge with deleting user accounts

Completely deleting a user account is problematic for several reasons:

  • Prevents user restoration: If the former employee is rehired, their account cannot be restored with the same username and email address.

  • Creates risk of identifier reuse: The system loses all history of critical identifiers like usernames, User Principal Names (UPNs), and email addresses. This increases the risk that these unique identifiers could be accidentally reassigned to new users, causing conflicts.

At the same time, leaving deactivated accounts in the system indefinitely is a security and privacy risk, as they store a significant amount of personal data.

The data purge feature

To solve this, we have developed a data purge feature that serves as a better alternative to permanent deletion.

After a user account has been deactivated for a pre-configured number of days (the "quarantine period"), a purge process automatically runs. This process systematically removes sensitive personal data and historical logs while preserving the essential identifiers needed to prevent reuse.

What data is removed?

The purge process removes the following information associated with the deactivated user account:

  • All personal data, except for the identifiers required to prevent reuse (username, employee ID, and email address).

  • All history of access rights that were granted, modified, or removed.

  • All history of group memberships that were granted, modified, or removed.

  • All history of changes related to positions, employment status, and leaves of absence.

How to enable the purge feature

We recommend that all customers use this feature to ensure compliance and good data hygiene.

To enable it, contact Identum Support and specify the quarantine period you require. We will then configure this setting for your environment.

Note: The quarantine period should be long enough to ensure that data, such as access history, is not deleted while it may still be needed for auditing or security reviews.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close