Forum Discussion

gregmck's avatar
gregmck
Copper Contributor
Jan 27, 2021

Microsoft Forms Data Deletion

Folks,

 

Would be grateful if anyone can please advise:

 

A User submits a response to a Microsoft Form. The response is processed, then immediately deleted from the "list of responses" in the relevant Form. The attached Excel Workbook is re-synchronised. The response can no longer be seen, in the list of responses on the Form, or in the attached, synchronised, Workbook.

 

Are previous Microsoft Form submissions still held on a Microsoft Server, after they have been "deleted" at our end, and, if so, for how long?

 

Appreciate that it's always a good idea to ensure that only essential data is collected, but in our situation, the length of time that data is stored on any Microsoft Server will have serious implications for the type of data - any data - we can gather from our prospective Microsoft Form Users.

 

Thanks in advance.

  • RobElliott's avatar
    RobElliott
    Silver Contributor

    gregmck once a response is deleted my understanding is that there is no way to retrieve it from  anywhere; there is certainly no server to which anyone has access that will enable you to retrieve it.

     

    If you wish to have form responses held under a retention policy then you will need to - as we do - always save Forms responses to a SharePoint list via a flow in Power Automate.

     

    Rob
    Los Gallardos
    Microsoft Power Automate Community Super User

    • gregmck's avatar
      gregmck
      Copper Contributor

      RobElliott - thank you very much for the response, which is sincerely appreciated.

       

      The issue isn't so much about being able to retrieve any deleted response. That's the last thing we want! Our deletion of the response, from the Form and from the Workbook, is the step(s) we take, to try to ensure that the response cannot be retrieved at our end.

       

      What I'm trying to ascertain, though, is if the response is deleted period; that is, once we have deleted it at our end, it becomes non-retrievable from anywhere, by anyone, for any reason - whether it is wiped; or whether the submitted data will still be preserved on a server, someplace, for some period of time, when everyone thinks it has - in effect, but perhaps not in actuality - been deleted...?

       

      We're not so much concerned about our handling of the data - we gather, we process, we delete; just about whether the data could (and fingers crossed it would never happen!) - but still, whether the data could be accessed by someone else, even on a server "to which [no-one] has access", when we believed it had been deleted and should therefore no longer exist.

       

      Thank you again for your response.

      • tafski91's avatar
        tafski91
        Copper Contributor

        gregmck hello, I’m here over 2 years later with a very similar dilemma.  I work for a very large Healthcare organisation.  I am a huge fan of MS Forms, I use them and encourage others to use regularly.  I have recently been asked to transfer our public facing request for treatment in word format into a more accessible MS Form.  Fabulous! When I sought assurance that this data would be held in Dataverse? Our Comms Team and information governance department looked at me like I’d just stepped off a ufo wearing a tutu! After explaining (with my rather amateur knowledge) that due to the personal data that will collected AND knowing that we can possibly receive 1,000 referrals per year, our service would require a more robust data storage.  They scratched their heads and came up with printing the forms off, adding to patient paper file and deleting the form.  After scouring the internet I found your message.  It looks like once deleted it is gone, but this only gives me further concerns! The end users are staff with varying IT experience and I will have to set up some operating procedure to mitigate the risk.  It just feels wrong giving the nature of the data being collected?  How on earth do I police that with no IT support.  Whilst I appreciate that this will be so much easier for our patients to request treatment, it scares the life out of me that the end users will be responsible for governance with no audits or responsibility taken by anyone but me.  If there’s anyone out there who can put my mind at rest OR confirm my alarm please respond.  

        help me obi one you’re my only hope 

Resources