Support policy for accidental ingestion of sensitive data

Overview

Per the service agreement, customers are responsible for preventing the transmission of sensitive data (e.g., personally identifiable information, financial data) to Observe. If accidental ingestion occurs, Observe offers support to mitigate and remediate the issue. This policy outlines customer actions and the process for requesting data deletion.

Customer Actions to Mitigate Accidental Ingestion

To prevent further transmission and restrict access to sensitive data, customers should take the following steps before requesting deletion:

  • Stop Sending Sensitive Data: Immediately halt the transmission of sensitive data to Observe. Customers are responsible for implementing preventive measures.

  • Check Data Retention Settings: Verify if the sensitive data is within your configured retention period. Data will automatically be deleted once the retention period expires. Refer to Data Retention in Observe Documentation for details.

  • Apply Filters to Datasets: Create a worksheet with filters to identify sensitive data in logs, then add exclusion filters to datasets to make the leaked PII data un-queryable by users.

  • Implement RBAC Policies: Restrict access to datastreams or datasets by applying Role-Based Access Control (RBAC) policies, limiting queries to authorized users only.

Requesting Data Deletion

If sensitive data cannot be mitigated through the above steps, customers may request deletion via the Observe Support Portal. Deletion is a resource-intensive process, and customers are encouraged to use filters or RBAC policies to restrict access promptly.
To submit a deletion request, provide:

  • Confirmation that sensitive data ingestion has stopped.

  • Details of mitigation strategies applied (e.g., filters, RBAC policies).

  • Queries (e.g., Opal queries) identifying the sensitive data for each affected dataset or datastream with a time period <= 7d for each filter.

  • The total number of records to be deleted per dataset for verification.

  • Confirmation that the requester is an admin of the Observe deployment

Deletion Process and Timeline

The data deletion timeline depends on your level of support with Observe:

  • Standard support: Deletion requests are targeted for completion within 30 days of submission.

  • Premier support: Completion is targeted within 14 days of submission.

Deletion requests are processed as described below:

  • Deletions under 10,000 rows can be done surgically; 10,000 to 1 million require customer approval and cost assessment.

  • Deletions over 1 million rows are not supported; customers must use timestamp-based time-range deletions instead.

  • Deletions are based on coarse-grained timestamp filters, not precise query matches, potentially deleting more data than requested.

  • Support targets deletion completion within 30 days (standard) or 14 days (premier).

Important Notes

  • Customers should prioritize access controls (filters or RBAC) to prevent unauthorized access, as deletion may not be immediate.

  • Observe will confirm completion of the deletion process upon request.

  • For further assistance, contact us via the Observe Support Portal.