Procedure for Encrypted Archive and Account Deletion

  1. Purpose
    This policy sets guidelines for managing an encrypted "Archive" to temporarily store deleted accounts before final disintegration, ensuring secure handling of Jobbrew’s healthcare pool database data. Access to the Archive is restricted to the Super Admin, with all data permanently deleted after the retention period.

  2. Scope
    Applies to all deleted accounts in Jobbrew's database, including automated deletions of inactive accounts and user-initiated deletion requests. This policy ensures a secure, compliant, and transparent data removal process.

  3. Policy

    • Encrypted Archive

      Design: Deleted accounts are securely stored in the encrypted Archive until permanent disintegration, accessible only to the Super Admin.

      Access Control: Only the Super Admin can access or restore data from the Archive, overseeing Archive monitoring and data deletion deadlines.

    • Encryption Standards

      Data Security: Archive data is encrypted with AES-256 or higher, ensuring protection against unauthorized access.

      Audit Trail: Access logs, including attempts to view or restore data, are automatically recorded for compliance.

    • Inactive Account Deletion

      Definition: Accounts inactive for one year are marked as inactive and flagged for deletion.

      Notification: Users are notified 30 days before deletion, allowing login to retain their account if desired.

    • User-Initiated Deletion Requests

      Request Process: Users can request deletion by emailing admin@jobbrew.com with name, contact info, and account details. Identity verification is required before processing.

      Retention and Deletion: Upon request, accounts enter a 30-day Archive retention period, after which the Super Admin initiates secure deletion.

    • Permanent Data Disintegration

      Automatic Disintegration: After 30 days, archived data is permanently deleted using secure deletion methods, ensuring irretrievability.

      Methods: Data overwriting and purging of residuals from storage are employed.

      Disintegration Logs: A log of disintegration details is automatically generated for compliance.

  4. Procedure

    • Inactive Account Management

      Inactive Accounts: Accounts inactive for 12 months are marked for deletion.

      Notification Process: Users are notified 30 days in advance and may log in to retain their account.

      Deletion: Without action within 30 days, the account undergoes permanent disintegration.

    • User-Initiated Deletion Request

      Verification: Upon verification, user deletion requests move accounts to the Archive for a 30-day retention period.

    • Permanent Disintegration

      Final Deletion: Post retention, data in the Archive is irreversibly deleted.

    • Audits and Reporting

      Audit Log: Archive activities, deletion requests, and disintegration events are logged automatically to ensure compliance.

  5. Compliance and Enforcement
    Non-compliance may result in disciplinary action, including access revocation, termination, or legal consequences.

  6. Related Policies and References
    HIPAA Privacy and Security Rules
    GDPR Guidelines

  7. Review and Revision
    This policy will be reviewed annually or as necessary to reflect regulatory or organizational changes.
    This streamlined policy clarifies inactive account deletion procedures, encryption standards, and secure data management to enhance compliance and transparency.