A data retention policy states how long an organization should retain its various data types and sets out the details of data retention and data destruction. Retention policies should answer a variety of questions about data, including: For more at Data Retention Policy
What data do you keep?
How long do you keep that data?
In what format is the data stored?
Where is the data stored?
Who is responsible for maintaining the stored data’s security?
When and how will stored data eventually be purged?
Before establishing a data retention policy, an organization must understand what data it generates and uses across its business units. Data can be dispersed across numerous applications, systems, and storage locations, all of which should be accounted for in a data retention policy. Since you can’t thoughtfully retain or purge data you don’t know about, creating a data map to understand your data sources is a crucial first step.
For each type of data you generate, you’ll want to ask what the data’s purpose is and how long it will remain useful. Social chats on a collaboration platform may only be useful for a day; project conversations that demonstrate the origin of a piece of intellectual property are likely to be useful for much longer. Organizations should only keep data that is necessary or useful. That may include data that is required or helpful to:
maintain legal or regulatory compliance and respond to regulatory inquiries, defend the organization against legal claims, establish ownership of the organization’s intellectual property when faced with potential theft or misattribution, onboard new personnel and bring them up to speed on projects, learn from past projects and establish a store of institutional knowledge. On the other hand, outdated, redundant, or simply irrelevant data need not—and should not—be retained. Determining which data fits in which categor requiresbalancing competing forces. For more at Data Retention Policy
No comments:
Post a Comment