Welcome to the Panopto Community

GDPR compliance - remove personal data from a user account from the API

Hi Panopto community,

The users in our platform are authenticated by Active Directory, thus their account contains some personal information, such as names, email, AD login…

In order to comply with GDPR requirements, I would like to programmatically remove this personal data. But I also want to be able to keep track of past activity, especially analytics, by relating each of these users to the unit they were part of.

One way to do so would be to anonymize users, for instance (in order of preference on my side):

  • by programmatically changing their personal data
  • or merging their account into a new, anonymous account
  • or merging their account into a common account for all former employees of a given unit.

There doesn't seem to be any API endpoint to do that. Has anyone here been able to industrialize GDPR compliance in one of the ways described above, or an alternative? If not, would it be possible for the API to include such a feature?

Thanks for your feedback!

Romain

Best Answer

  • Kevin Baum, Panopto Employee
    Answer ✓

    Hi Romain,

    We do plan to add additional user management endpoints to our public REST API; however, I don't have an estimate of when that will be done. It is on our list of feature requests specific to the public REST API. There are no current undocumented endpoints available for customer use at this time either.

    Please let me know if you have any other questions.

    Thanks,

    Kevin

Answers

  • Kevin Baum, Panopto Employee

    Hi Romain,

    You can use Panopto's SOAP API to update a user's first name, last name, and email address using the IUserManagement.UpdateContactInfo endpoint. This will allow you to change the information for each user stored in Panopto.

    Since the user's data is being synced through an external provider, if that user logs back into Panopto through your Active Directory provider, the data may be updated again to match the incoming data from the Active Directory login. If the users do not log in again (if they are former employees for example), then their personal information should not change again after you use the API.

    I hope this helps. Please let me know if you have any other questions.

    Thanks,

    Kevin
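
The approach discussed above, sketched as an added example (not code from the thread's participants or from Panopto): it derives the replacement first name, last name and email for each former employee, keeps the unit for analytics, and skips accounts that can still log in through Active Directory, since a new login may re-sync the real data. The record fields, the `Former` label and the `anonymized.invalid` domain are assumptions; the resulting values are what would be passed to `IUserManagement.UpdateContactInfo`.

```python
import hashlib
import hmac

# Constructed sample records; the field names are assumptions, not Panopto's schema.
SAMPLE_USERS = [
    {"user_id": "11111111-1111-1111-1111-111111111111", "first": "Ada",
     "last": "Martin", "email": "ada.martin@corp.example",
     "unit": "Finance", "active_in_ad": False},
    {"user_id": "22222222-2222-2222-2222-222222222222", "first": "Luc",
     "last": "Bernard", "email": "luc.bernard@corp.example",
     "unit": "Finance", "active_in_ad": False},
    {"user_id": "33333333-3333-3333-3333-333333333333", "first": "Zoe",
     "last": "Petit", "email": "zoe.petit@corp.example",
     "unit": "Legal", "active_in_ad": True},
]


def pseudonym(secret: bytes, user_id: str) -> str:
    """Stable tag for one account. A keyed HMAC is used rather than a bare
    hash so the tag cannot be recomputed from a known user ID without the key."""
    digest = hmac.new(secret, user_id.lower().encode(), hashlib.sha256)
    return digest.hexdigest()[:12]


def plan_anonymization(users, secret: bytes):
    """Return (updates, skipped_ids). Each update holds only the three
    contact fields the thread says can be changed, plus the account ID."""
    updates, skipped = [], []
    for user in users:
        if user["active_in_ad"]:
            # A later AD login may overwrite the anonymized values.
            skipped.append(user["user_id"])
            continue
        tag = pseudonym(secret, user["user_id"])
        updates.append({
            "user_id": user["user_id"],
            "first_name": "Former",
            "last_name": f"{user['unit']}-{tag}",  # unit kept for analytics
            "email": f"anon-{tag}@anonymized.invalid",  # reserved TLD, never routable
        })
    return updates, skipped


if __name__ == "__main__":
    planned, left_alone = plan_anonymization(SAMPLE_USERS, b"constructed-demo-key")
    for row in planned:
        print(row)
    print("skipped (still active in AD):", left_alone)
```

Keep the HMAC key outside the video platform and destroy it if the tags must never be linkable back to a person.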

  • Thank you Kevin. I was wondering if there was a similar implementation (or possibility of an implementation) through the REST API; everything else we're doing goes through the REST API so that would be much more convenient in our case. Maybe something hidden that is not documented? ;-)
