Data retention is about providing rigor around how long certain data is stored
Data retention is the continuous storage of a company’s data and/or documents for compliance or business reasons. Data is retained for a number of reasons. To properly service and retain customers organizations need to maintain records on customer purchases, contact details, and preferences. Additionally, organizations may need to retain customer records for regulatory audits and legal purposes. From a privacy perspective, customer/personal information should only be retained when there is a business, legal, or regulatory need. This concept is known as ‘data minimization’.
What are some examples of data that companies need to retain?
- Customer purchases, warranties, and physical and electronic communications (emails, letters, faxes).
- Documents and emails related to day-to-day operations.
- Data and communications to customers, prospects, and other solicitations.
- Contracts, financial records, and transactions.
- HR and payroll data.
- Call center records.
- Web and other electronic logs.
What are the key issues that affect how long data is retained?
- Regulatory requirements such as GDPR, CCPA and various state laws.
- Industry regulations such as HIPAA and PCI.
- Duration of customer relationship (for instance specific years of leases or service agreements).
- Legal issues (discovery requests, lawsuits).