IVI Framework Viewer

Retention and Destruction

C5

Develop and implement controls to verify that personal data is not retained beyond the time specified in retention policies. Destroy data media (all forms — paper, digital, etc.) at the end of the data's life-cycle and ensure that obsolete (or deleted) personal data is not inappropriately restored.

Improvement Planning

Practices-Outcomes-Metrics (POM)

Representative POMs are described for Retention and Destruction at each level of maturity.

1Initial
  • Practice
    Design and implement appropriate personal data retention policies.
    Outcome
    Specification, procurement or management tends to be department choice or ad hoc.
  • Practice
    Destroy data media (inclusive of paper and digitized data) where the media is at its lifecycle end.
    Outcome
    Processes to identify personal data are defined and in use in IT and some business units.
    Metric
    # fields identified as personal data or personal sensitive data.
  • Practice
    Destroy or anonymize all personal data as soon as its retention is no longer necessary for the specified purposes.
    Outcome
    IT and business units work on jointly developing data, classification guidelines for all personal and sensitive personal data assets.
    Metric
    # fields identified as personal data or personal sensitive data.
2Basic
  • Practice
    Design and implement appropriate personal data retention policies.
    Outcome
    Data protection and security classification guidelines are implemented and regularly improved enterprise-wide.
    Metric
    # fields identified as personal data or personal sensitive data.
  • Practice
    Destroy data media (inclusive of paper and digitized data) where the media is at its lifecycle end.
    Outcome
    Data protection and security classification guidelines are optimized for various data lifecycles.
    Metric
    Frequency at which personal data is assessed classification and purpose.
  • Practice
    Destroy or anonymize all personal data as soon as its retention is no longer necessary for the specified purposes.
    Outcome
    Use (if any) of information lifecycles is ad hoc.
3Intermediate
  • Practice
    Design and implement appropriate personal data retention policies.
    Outcome
    Some business information lifecycles have been developed and are in use at process and/or function level and identify personal and sensitive personal information.
    Metric
    % Personal data addressed using life-cycle management approaches.
  • Practice
    Destroy data media (inclusive of paper and digitized data) where the media is at its lifecycle end.
    Outcome
    Lifecycles are defined for all personal and sensitive personal data and in use across the enterprise.
    Metric
    % Personal data addressed using life-cycle management approaches.
  • Practice
    Destroy or anonymize all personal data as soon as its retention is no longer necessary for the specified purposes.
    Outcome
    A multi-lifecycle management capability is supported across the enterprise and support audit.
    Metric
    % Personal data addressed using life-cycle management approaches.
4Advanced
  • Practice
    Design and implement appropriate personal data retention policies.
    Outcome
    The lifecycles are used across the extended enterprise and are adaptive and self-auditing.
    Metric
    Frequency of review of personal data life cycles.
  • Practice
    Destroy data media (inclusive of paper and digitized data) where the media is at its lifecycle end.
    Outcome
    Specification, procurement or management tends to be department choice or ad hoc.
  • Practice
    Destroy or anonymize all personal data as soon as its retention is no longer necessary for the specified purposes.
    Outcome
    Available data protection toolsets and existing solutions are effectively and efficiently used.
    Metric
    % Staff provided training on the need for and the use of data protection tools and aids.
5Optimized
  • Practice
    Design and implement appropriate personal data retention policies.
    Outcome
    IT and some business units are agreed on the automation levels, tooling, resourcing, and management of security resources.
    Metric
    % Staff provided training on the need for and the use of data protection tools and aids.
  • Practice
    Destroy data media (inclusive of paper and digitized data) where the media is at its lifecycle end.
    Outcome
    Monitoring is highly automated via standard toolsets and resources are actively managed to improve security and data protection services across the enterprise.
    Metric
    % Staff provided training on the need for and the use of data protection tools and aids.
  • Practice
    Destroy or anonymize all personal data as soon as its retention is no longer necessary for the specified purposes.
    Outcome
    The specification, procurement, and management of data protection and security tools and resources are continuously reviewed and improved as necessary across the business ecosystem.
    Metric
    % tools that are benchmarked against data protection best practice.