Support Policy for Accidental Ingestion of Sensitive Data

Overview

Per the service agreement, customers are responsible for preventing the transmission of sensitive data (e.g., personally identifiable information, financial data) to Observe. If accidental ingestion occurs, Observe offers support to mitigate and remediate the issue. This policy outlines customer actions and the process for requesting data deletion.

Customer Actions to Mitigate Accidental Ingestion

To prevent further transmission and restrict access to sensitive data, customers should take the following steps before requesting deletion:

  • Stop Sending Sensitive Data: Immediately halt the transmission of sensitive data to Observe. Customers are responsible for implementing preventive measures.

  • Check Data Retention Settings: Verify whether the sensitive data is within your configured retention period. Data is deleted automatically once the retention period expires. Refer to Data Retention in the Observe Documentation for details.

  • Apply Filters to Datasets: Create a worksheet with filters to identify sensitive data in logs, then add exclusion filters to datasets so that users cannot query the leaked PII.

  • Implement RBAC Policies: Restrict access to datastreams or datasets by applying Role-Based Access Control (RBAC) policies, limiting queries to authorized users only.

Requesting Data Deletion

If sensitive data cannot be mitigated through the above steps, customers may request deletion via the Observe Support Portal. Deletion is a resource-intensive process, and customers are encouraged to use filters or RBAC policies to restrict access promptly.
To submit a deletion request, provide:

  • Confirmation that sensitive data ingestion has stopped.

  • Details of mitigation strategies applied (e.g., filters, RBAC policies).

  • Queries (e.g., Opal queries) identifying the sensitive data for each affected dataset or datastream, with a time period of at most 7 days (<= 7d) for each filter.

  • The total number of records to be deleted per dataset for verification.

  • Confirmation that the requester is an admin of the Observe deployment.

Deletion Process and Timeline

  • Standard Support: Deletion requests are targeted for completion within 30 days of submission.

  • Premier Support: Completion is targeted within 14 days of submission.

  • Record Limits: Requests to delete fewer than 10,000 records will be processed as standard. For requests exceeding 10,000 records, Observe will assess feasibility, estimate costs, and seek the customer's approval to bear the labor and computing cost before proceeding. Beyond 10,000 records, Observe would request a time period, and all records in that period would be removed rather than only the targeted records.

Important Notes

  • Customers should prioritize access controls (filters or RBAC) to prevent unauthorized access, as deletion may not be immediate.

  • Observe will confirm completion of the deletion process upon request.

  • For further assistance, contact us via the Observe Support Portal.