Legal Entities Anonymization
This topic shows how to anonymize legal entities for the General Data Protection Regulation (GDPR).
The anonymization function allows meeting GDPR’s “right to erasure” obligations by providing the following features:
| • | Anonymizing personal data |
The anonymization function allows deactivating legal entities, contact information and legal entity attributes. When personal data is anonymized, users can no longer apply actions to related trades, transfers or messages. The messages related to an anonymized contacts cannot be accessed.
| • | Cleaning up database tables containing personal data |
Audit information related to personal data is anonymized in the database tables.
| • | Providing audit for anonymized data |
Log entries are kept for anonymized data. These entries provide the ENTITY_ID, CLASS_NAME, ANONYMIZING_DATE, ANONYMIZING_USER_NAME, and APPROVER_USER_NAME.
| • | 4-eye principle/authorization of personal data anonymization |
Once data is anonymized, it cannot be reversed. It is recommended to use authorization for additional control.
Recommendations
Before the anonymization process, it is important to determine data that needs to be archived (moved to the HIST tables) and those requiring deletion. Personal data should only be anonymized if the data is no longer essential for performing daily activities. To easily identify legal entities in the system, it is recommended to set the legal entity status to deactivated and/or set an inactive date. Deactivation and inactivity information should come from the compliance department.
Archiving and purging is a requirement for anonymizing legal entities with the role counterparty. To maintain database integrity, existing trades related to a legal entity will be blocked during anonymization. Legal entity contacts and attributes can however be anonymized without archiving/purging related trades.
The recommended archival/purging process is to first move trades into an expired or matured status, and archive the trades based on the bank’s criteria. Archiving data is beneficial for reducing database size and improving performance.
A condition for archiving trades, via the scheduled task ARCHIVE_TRADE, is that there is no related entry in the liq_position or trade_open_qty table. These tables, liq_position or trade_open_qty, are archived using the ARCHIVE_POSITION scheduled task.
For more information related to the archiving/purging process visit the Calypso Archiving documentation.
1. Setup Requirements
1.1 Report Types
After installation, the following values should be available in the "REPORT.Types" domain:
| • | LEAttributesAnonymizing |
| • | LEContactAnonymizing |
| • | LegalEntityAnonymizing |
1.2 Anonymized Fields Configuration
The fields to be anonymized in a legal entity or LE contact need to be defined in the domains "leContactAnonymizedFields" and "legalEntityAnonymizedFields" as needed.
Examples for domain "leContactAnonymizedFields":
| • | firstName |
| • | lastName |
| • | email or addressMethod.EMAIL |
| • | comment |
| • | fax or addressMethod.FAX |
| • | telex or addressMethod.TELEX |
| • | phone |
| • | zipCode |
| • | state |
| • | city |
| • | address or addressMethod.MAIL |
| • | addressMethod.SWIFT |
| • | addressMethod.XXX for any address method defined in the addressMethod domain values |
| • | externalRef |
Examples for domain "legalEntityAnonymizedFields":
| • | shortName |
| • | fullName |
| • | parent |
| • | comment |
| • | externalRef |
No configuration is required for LE attributes - You can select the attributes to be anonymized in the tool - See below for details.
1.3 Access Permissions
You need the following access permissions:
| • | ModifyLegalEntity - Permission to modify legal entities of any status, or ModifyLegalEntityDisabled, ModifyLegalEntityEnabled, ModifyLegalEntityPending if you are using those instead. |
| • | ModifyLEContact - Permission to modify LE contacts |
| • | AddModifyLEAttribute - Permission to create and modify LE attributes |
| • | AuthorizeLegalEntityAnonymity - For accepting legal entity anonymizations |
| • | AuthorizeLEContactAnonymity - For accepting LE contact anonymizations |
| • | AuthorizeLEAttributeAnonymity - For accepting LE attribute anonymizations |
To create an authorization task for anonymizing, you need to add the following domain values and run the system in Authorization mode (highly recommended for this tool):
Domain exceptionType, Value = ANONYMIZING_AUTH
Domain eventType, Value = EX_ANONYMIZING_AUTH
2. Legal Entity Anonymization
Bring up the report for menu action reporting.ReportWindow$LegalEntityAnonymizing.
| » | Enter at least one search criteria and click  . The search criteria are defined below. |
| » | To anonymize the legal entities, check the Select checkbox and click Anomymize Selection. |
The legal entities become deactivated and you can no longer apply actions to related trades, transfers or messages.
Audit information related to personal data is anonymized in the database tables.
Ⓘ [NOTE: To prevent loss of essential information legal entities can only be anonymized if the related positions are closed and trades are no longer available in the system, that is, trades have been archived and purged]
In Authorization mode, an authorization task EX_ANONYMIZING_AUTH is published to the Task Station and it must be approved for the anonymization to take effect.
Ⓘ [NOTE: The anonymization cannot be undone]
| Fields | Description |
|---|---|
| Legal Entity | Select one or multiple legal entities to be anonymized. |
| Status | Select the status of the legal entities. |
| Inactive As From |
Enter the number of days that the legal entities have been inactive (based on legal entity Inactive As From field). |
| Country |
Select the country of the legal entities. |
| Anonymized Data |
Clear to load legal entities that are not yet anonymized, or check to view legal entities that have been anonymized. |
After legal entity anonymization, the legal entity name is replaced by a code.
Example of legal entity in a legal agreement before and after anonymization:
Associated SDIs are anonymized if the legal entity is a Beneficiary, Agent, Intermediary or Intermediary 2.
The SDI attributes are anonymized as well if the legal entity is a Beneficiary.
The Effective To date is set to the anonymization date.
Associated accounts are anonymized with their account attributes.
The Active To date is set to the anonymization date.
3. LE Contact Anonymization
Bring up the report for menu action reporting.ReportWindow$LEContactAnonymizing.
| » | Enter at least one search criteria and click . The search criteria are defined below. |
| » | To anonymize the LE contacts, check the Select checkbox and click Anomymize Selection. |
You can no longer view messages associated with these LE contacts.
Audit information related to personal data is anonymized in the database tables.
In Authorization mode, an authorization task EX_ANONYMIZING_AUTH is published to the Task Station and it must be approved for the anonymization to take effect.
Ⓘ [NOTE: The anonymization cannot be undone]
| Fields | Description |
|---|---|
| Legal Entity | Select one or multiple legal entities, which LE contacts should be anonymized. |
| Status | Select the status of the legal entities. |
| Inactive As From |
Enter the number of days that the legal entities have been inactive (based on legal entity Inactive As From field). |
| Country |
Select the country of the legal entities. |
| Contact Type | Select the contact type. |
| Effective Date | Enter the contact effective date. |
| Anonymized Data |
Clear to load LE contacts that are not yet anonymized, or check to view LE contacts that have been anonymized. |
After LE contact anonymization, the contact information is replaced with a code and the effective date is set to the anonymization date.
For new trades, only SDIs with effective LE contacts are used.
For existing trades, users cannot view messages related to anonymized LE contacts.
4. LE Attribute Anonymization
Bring up the report for menu action reporting.ReportWindow$LEAttributesAnonymizing.
| » | Enter at least one search criteria and click . The search criteria are defined below. |
| » | To anonymize the LE attributes, check the Select checkbox and click Anomymize Selection. |
Audit information related to personal data is anonymized in the database tables.
Ⓘ [NOTE: LE attributes are expected to be anonymized along with the relevant LE contact, as such, LE contact anonymization impacts also influence LE attributes]
In Authorization mode, an authorization task EX_ANONYMIZING_AUTH is published to the Task Station and it must be approved for the anonymization to take effect.
Ⓘ [NOTE: The anonymization cannot be undone]
| Fields | Description |
|---|---|
| Legal Entity | Select one or multiple legal entities, which LE attributes should be anonymized. |
| Status | Select the status of the legal entities. |
| Inactive As From |
Enter the number of days that the legal entities have been inactive (based on legal entity Inactive As From field). |
| Country |
Select the country of the legal entities. |
| Attribute Type | Select the attribute type. |
| Anonymized Data |
Clear to load LE attributes that are not yet anonymized, or check to view LE attributes that have been anonymized. |
After LE attribute anonymization, the attributes value is replaced with a code.
5. Anonymization Audit
Bring up the report for menu action reporting.ReportWindow$AnonymizingAudit to view audit information related to anonymization.
| » | Enter search criteria and click . The search criteria are defined below. |
| Fields | Description |
|---|---|
| Requester |
Select a user who anonymized the data. |
| Approver |
Select a user who approved the anonymization (only applies in Authorization mode). |
| Entity Type |
Select the type of data. |
| From / To |
Select the anonymization date range as needed. |
How are we doing?