Deprovisioning regulation

Deletion of the data of users of the participating institutions (Shibboleth accounts) after the end of use

Notes

If you have folders or files in your storage quota that are used by a workgroup, transfer the folders or files to another member of the folder in good time before you leave (Settings -> Share -> Select file or folder for transfer). The new owner must agree to the transfer.

If you experience any problems while using bwSync&Share or if folders are not visible after logging in, please contact the service desk of your institution!

Guest accounts do not have their own storage quota in bwSync&Share.
Folders to which guests are invited fall under the deprovisioning rule of the owning persons.
The deprovisioning of personal usage data (user account/password/permissions) of guest accounts is described at the end of this page: Deprovisioning of guest accounts

 

Regulation on handling data in bwSync&Share after end of use

The present deprovisioning regulation of the bwSync&Share service specifies the procedure for providing stored data of users after the end of service use. This concerns the data in the storage quotas available to employees and students of the universities and colleges in Baden-Württemberg, users of the participating members of the DFN-Verein, and members of the Helmholtz centers.

Initial situation

A storage quota is made available under the following conditions:

  1. An active user account exists in the user administration of the home institution.
  2. The right (Entitlement) to use bwSync&Share is set for the user account in the identity provider of the home institution.
  3. The person using the service has registered for the service as part of the initial registration (or directly via https://bwidm.scc.kit.edu).

The criteria are verified by bwIDM Identity Management.

Within the user management of bwSync&Share, a separate account is maintained to which the storage quota is assigned. The folders and data of the account as well as the granted access rights to folders and files are managed here.

Deprovisioning

The deprovisioning of accounts and data within the bwSync&Share service is started by deregistering a user account in bwSync&Share. A deregistration can be triggered by different actions:

 

a) The user account is no longer active in the local user administration of the home institution. The deregistration is done automatically.

b) The local user account has lost the right (entitlement) to use bwSync&Share. Deregistration is done automatically.

c) The user has cancelled the service himself/herself on the registration page (https://bwidm.scc.kit.edu) and thus deregistered him/herself.

The bwSync&Share user account will be deregistered and thus no login to the service is possible anymore. Any discrepancies concerning the local user account must be clarified with the support unit of the home institution. If the user account is reactivated there or the Entitlement is granted again, the person using the service can log in to the service again as long as the account and the data have not yet been deleted. If the person has deregistered himself from the service, this can be reversed by registering again.

Three months after deregistration, a file named "___Attention_OWNERDISABLED.md" will be placed as a flag in the shared folders of the deregistered account, informing the using persons accessing these folders that the bwSync&Share account of the owner of this folder has been deactivated and that the data will be permanently deleted shortly.
All users with whom the folders and files of the deregistered account were shared will still see the corresponding folder or file. They can continue to synchronize and edit the data if they have the permission to do so.

Transfer of a user's data after deregistration

If access to bwSync&Share can no longer be provided to the owner of data (e.g. after deactivation of the user account in the home organization), this data can still be provided to the owning person (and only to this person) within 360 days after deregistration.

Requests are received by the local support unit (1st level support) and authentication is ensured, e.g. by presenting an identification document, signed e-mail, etc. The 1st level support opens a ticket in the bwSupport portal with the user's data and a current e-mail address of this person. The 2nd level support then sends an e-mail with a download link for downloading the data to this e-mail address.

Final deletion of data

360 days after deregistration, both the user account in bwSync&Share and associated folders and data are irrevocably deleted.
Also existing access permissions to folders and files of other persons will be deleted.

Deprovisioning of guest accounts

Guest accounts do not have their own storage space and can only store data in the contingent of Shibboleth accounts for which they have received the corresponding permissions. The data stored there belongs to the quota owner.
The deprovisioning of data from guest accounts affects the corresponding user account with mail address, password and access permissions to folders or files.
One year after the last login, the stored mail address will be contacted and asked to log in again. If this does not happen, the account and the access permissions will be deleted one month after the notification was sent.