ELI5: What are data retention policies?

These are rules about how long you keep old papers before shredding them. Some papers you must keep for years (like tax records), and others you should throw away quickly so they do not pile up and become a problem.

Definition

Data retention policies define the duration for which different categories of organizational data must be kept, as well as the procedures for secure disposal when the retention period expires. These policies are driven by legal and regulatory requirements, business needs, and privacy considerations. Retaining data too long creates unnecessary risk; destroying it too early may violate legal obligations.

Key Details

  • Retention periods vary by data type and applicable regulations (e.g., financial records 7 years, health records longer)
  • Legal hold supersedes normal retention schedules — data must be preserved when litigation is anticipated
  • Secure destruction methods: overwriting, degaussing, physical destruction, certified shredding
  • Data classification is a prerequisite — different data types have different retention requirements
  • Cloud data retention must account for where data physically resides (data sovereignty concerns)

Connections