Skip to content
← For accountants & bookkeepers

Enter your idea

For accountants & bookkeepers: Xero Practice Manager

Categories

(thinking…)

Practice Manager - Housekeeping (Assisted PII data removal for archived clients)

From what I understand is common in a lot of firms is when a client leaves/dies/etc their client profile is archived in XPM and the data persists into infinity.

Given the latest high profile data breaches is would be good if XPM had a Housekeeping module where firms could identify archived clients where the attached Personally Identifiable Information (In particular TFN, Bank account, phone/mobile and addresses) is no longer needed and permanently remove it in a structured process.

A similar process may need to be created for the forms that we generate from XPM so they they are permanently removed after we are no longer required to keep them.

More people in general need to see that the PII data we store is 'toxic waste' that should only be held for as little time and securely as possible.

In summary there is probably a lot of archived 'toxic waste' PII data in practices who use XPM, please make it easy for practices to remove it in a safe and curated way.

4 votes

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

Luke Sawyer shared this idea  ·   ·  Report…  ·  Admin →
How important is this to you?

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Julie-Anne (Jewlz) Ellem commented  ·   ·  Report

    In light of XeroCon2023 cyber security - I believe there should be an option on Xero XPM that allows us to delete sensitive data from archived clients.

    If we are to do annual audits of the data we hold, and keep and delete what we no longer need to have on file, would it not then be pertinent to give us a reminder when we archive clients that leave our practice to either manually delete (or automagically ask for it to be redacted).

    I'm thinking data including:
    + Tax File Numbers
    + Date of Birth
    + Bank details

    At the moment, the process to delete this information from my archived list is to restore the old client, manually delete, and then re-archive.

    For those of us who have used XPM since inception, that's a LOT of clients and a LOT of data to delete being a big time waster, but important in these times of higher scrutiny on data security.

    Ideally we'd have two options available to Practice Administrators:
    1. Delete this data from already archived clients
    2. Reminder / Request to delete this data upon archiving active clients