IVI Framework Viewer

Personal Data Retention and Destruction

C5

Develop and implement controls to verify that personal data is not retained beyond the time specified in data retention policies. Destroy data media (all forms — paper, digital, DNA-encoded, etc.) at the end of the data's life cycle and ensure that obsolete (or deleted) personal data is not inappropriately restored.

Improvement Planning

Practices-Outcomes-Metrics (POM)

Representative POMs are described for Personal Data Retention and Destruction at each level of maturity.

2 Basic
  • Practice
    Draft a basic personal data retention and destruction policy.
    Outcome
    Personal data is beginning to be retained and destroyed according to policy guidance in some areas.
    Metric
    % of personal data managed in accordance with data retention and destruction policies.
  • Practice
    Select personal data for deletion based on the age of the data and the life cycle stage.
    Outcome
    The life cycle status of personal data is beginning to be managed.
    Metrics
    • % of personal data fields deleted based on life cycle stage.
    • % of personal data fields deleted based on age.
    • % of personal data not addressed by a data deletion policy.
3 Intermediate
  • Practices
    • Use a personal data retention and destruction policy across most areas of the business.
    • Review and classify data at least annually and specify suitable retention periods against key personal data attributes.
    Outcome
    Personal data is retained and destroyed according to policy guidance across most areas of the business.
    Metric
    % of personal data managed in accordance with data retention and destruction policies.
  • Practice
    Use the life cycle stage and metadata to clearly identify data that is ready for anonymization or deletion, and to trigger the data's destruction.
    Outcome
    Life cycles and metadata clearly identify data that is ready for anonymization or deletion.
    Metrics
    • % of personal data fields deleted based on life cycle stage.
    • % of personal data fields deleted based on age.
    • % of personal data not addressed by a data deletion policy.
4 Advanced
  • Practices
    • Use a comprehensive personal data retention and destruction policy across the entire organization.
    • Regularly review and classify data, and specify suitable retention periods against each personal data attribute.
    Outcome
    Personal data is retained and destroyed according to policy guidance across the entire organization.
    Metric
    % of personal data managed in accordance with data retention and destruction policies.
  • Practice
    Destroy personal data in accordance with comprehensive policies across the organization.
    Outcome
    Personal data destruction is policy and process compliant across the organization.
    Metrics
    • % of personal data fields deleted based on life cycle stage.
    • % of personal data fields deleted based on age.
    • % of personal data not addressed by a data deletion policy.
5 Optimized
  • Practice
    Continually review data retention periods in line with the business strategy and objectives, and with statutory requirements.
    Outcome
    Data retention is always compliant with business strategy and objectives, and with statutory requirements.
    Metrics
    • % of personal data managed in accordance with data retention and destruction policies.
    • Frequency of review of data retention periods.
  • Practice
    Destroy personal data in accordance with policies across the business ecosystem, and continually review the process for improvement opportunities.
    Outcome
    Personal data destruction is policy and process compliant across the business ecosystem.
    Metrics
    • % of personal data fields deleted based on life cycle stage.
    • % of personal data fields deleted based on age.
    • % of personal data not addressed by a data deletion policy.