Personal Data Retention and Destruction
Develop and implement controls that verify personal data is not retained beyond the period specified in the data retention policies. Destroy data media of every form (paper, digital, DNA-encoded, etc.) at the end of the data's life cycle, and ensure that obsolete or deleted personal data is not inappropriately restored, for example from backups.
Improvement Planning
Practices-Outcomes-Metrics (POM)
Representative POMs are described for Personal Data Retention and Destruction at each level of maturity.
- 2 Basic
- Practice
- Draft a basic personal data retention and destruction policy.
- Outcome
- Personal data is beginning to be retained and destroyed according to policy guidance in some areas.
- Metric
- % of personal data managed in accordance with data retention and destruction policies.
- Practice
- Select personal data for deletion based on the age of the data and the life cycle stage.
- Outcome
- The life cycle status of personal data is beginning to be managed.
- Metrics
- % of personal data fields deleted based on life cycle stage.
- % of personal data fields deleted based on age.
- % of personal data not addressed by a data deletion policy.
- 3 Intermediate
- Practices
- Use a personal data retention and destruction policy across most areas of the business.
- Review and classify data at least annually and specify suitable retention periods against key personal data attributes.
- Outcome
- Personal data is retained and destroyed according to policy guidance across most areas of the business.
- Metric
- % of personal data managed in accordance with data retention and destruction policies.
- Practice
- Use the life cycle stage and metadata to clearly identify data that is ready for anonymization or deletion, and to trigger the data's destruction.
- Outcome
- Life cycles and metadata clearly identify data that is ready for anonymization or deletion.
- Metrics
- % of personal data fields deleted based on life cycle stage.
- % of personal data fields deleted based on age.
- % of personal data not addressed by a data deletion policy.
- 4 Advanced
- Practices
- Use a comprehensive personal data retention and destruction policy across the entire organization.
- Regularly review and classify data, and specify suitable retention periods against each personal data attribute.
- Outcome
- Personal data is retained and destroyed according to policy guidance across the entire organization.
- Metric
- % of personal data managed in accordance with data retention and destruction policies.
- Practice
- Destroy personal data in accordance with comprehensive policies across the organization.
- Outcome
- Personal data destruction is policy and process compliant across the organization.
- Metrics
- % of personal data fields deleted based on life cycle stage.
- % of personal data fields deleted based on age.
- % of personal data not addressed by a data deletion policy.
- 5 Optimized
- Practice
- Continually review data retention periods in line with the business strategy and objectives, and with statutory requirements.
- Outcome
- Data retention is always compliant with business strategy and objectives, and with statutory requirements.
- Metrics
- % of personal data managed in accordance with data retention and destruction policies.
- Frequency of review of data retention periods.
- Practice
- Destroy personal data in accordance with policies across the business ecosystem, and continually review the process for improvement opportunities.
- Outcome
- Personal data destruction is policy and process compliant across the business ecosystem.
- Metrics
- % of personal data fields deleted based on life cycle stage.
- % of personal data fields deleted based on age.
- % of personal data not addressed by a data deletion policy.
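As an added example, not taken from this page or from any particular product, the following Python check implements the practices listed above: it selects personal data for destruction by life-cycle stage and by age against a per-attribute retention table, computes the three metrics the maturity levels share, and gates a restore against a tombstone list so that obsolete data is not inappropriately reinstated from backup. The record metadata fields (category, created, stage), the policy table, the category names and the sample records are assumptions made for illustration.

```python
"""Retention-policy enforcement check.

Added example, not taken from the source page. The metadata fields, policy
table, category names and sample records are assumptions for illustration.
"""
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class RetentionRule:
    max_age_days: int           # retain no longer than this after creation
    action: str                 # "delete" or "anonymize" once the data expires
    terminal_stages: frozenset  # life-cycle stages after which the data is no longer needed


@dataclass(frozen=True)
class Record:
    record_id: str
    category: str   # personal data attribute class the policy is keyed on
    created: date   # when the record entered the system
    stage: str      # current life-cycle stage held in metadata


# Hypothetical policy table: a retention period and action per personal data attribute.
POLICY = {
    "customer_contact": RetentionRule(3 * 365, "delete", frozenset({"closed"})),
    "support_ticket": RetentionRule(2 * 365, "anonymize", frozenset({"resolved"})),
    "marketing_consent": RetentionRule(2 * 365, "delete", frozenset({"withdrawn"})),
}


def evaluate(record, policy, today):
    """Return (reason, action) when the policy requires destruction, else None.

    reason is "stage" (life cycle says the data is no longer needed), "age"
    (retention period elapsed) or "unaddressed" (no rule covers the category,
    which is a policy gap, not permission to keep the data). Stage is checked
    before age so data closed early is not kept to its maximum age.
    """
    rule = policy.get(record.category)
    if rule is None:
        return ("unaddressed", None)
    if record.stage in rule.terminal_stages:
        return ("stage", rule.action)
    if (today - record.created).days > rule.max_age_days:
        return ("age", rule.action)
    return None


def run_retention_check(records, policy, today):
    """Evaluate every record; return the destruction work list and the POM metrics."""
    actions = []
    counts = {"stage": 0, "age": 0, "unaddressed": 0}
    for rec in records:
        verdict = evaluate(rec, policy, today)
        if verdict is None:
            continue
        reason, action = verdict
        counts[reason] += 1
        if action is not None:
            actions.append((rec.record_id, action, reason))
    total = len(records)
    metrics = {
        "pct_deleted_by_stage": 100.0 * counts["stage"] / total,
        "pct_deleted_by_age": 100.0 * counts["age"] / total,
        "pct_not_addressed_by_policy": 100.0 * counts["unaddressed"] / total,
        "pct_managed_per_policy": 100.0 * (total - counts["unaddressed"]) / total,
    }
    return actions, metrics


def tombstones_from(actions):
    """IDs that must never come back. Anonymized records are tombstoned as well,
    because restoring a pre-anonymization backup copy would reinstate the data."""
    return {rid for rid, _action, _reason in actions}


def filter_restore(restored_records, tombstones):
    """Gate a restore (e.g. from backup): records that may be reinstated versus
    records that must be re-destroyed instead of being brought back."""
    allowed = [r for r in restored_records if r.record_id not in tombstones]
    blocked = [r for r in restored_records if r.record_id in tombstones]
    return allowed, blocked


# Constructed sample data for a run on 2024-06-01.
TODAY = date(2024, 6, 1)
SAMPLE_RECORDS = [
    Record("r1", "customer_contact", date(2020, 1, 15), "active"),   # older than 3 years
    Record("r2", "customer_contact", date(2023, 3, 1), "closed"),    # terminal stage
    Record("r3", "support_ticket", date(2024, 1, 10), "open"),       # keep
    Record("r4", "support_ticket", date(2021, 5, 20), "resolved"),   # terminal stage
    Record("r5", "marketing_consent", date(2023, 9, 1), "granted"),  # keep
    Record("r6", "web_analytics", date(2024, 2, 1), "active"),       # no rule: policy gap
]

if __name__ == "__main__":
    work, metrics = run_retention_check(SAMPLE_RECORDS, POLICY, TODAY)
    for rid, action, reason in work:
        print(f"{rid}: {action} (trigger: {reason})")
    for name, value in metrics.items():
        print(f"{name}: {value:.1f}%")
    allowed, blocked = filter_restore(SAMPLE_RECORDS[:4], tombstones_from(work))
    print("restore allowed:", [r.record_id for r in allowed])
    print("restore blocked:", [r.record_id for r in blocked])
```

Run as a scheduled job, the "unaddressed" count is the one to watch: it feeds the "% of personal data not addressed by a data deletion policy" metric and should trend to zero as classification matures, and the tombstone gate is what keeps a backup restore from silently undoing destruction that the metrics already report as done.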