Does your organisation have a data deletion policy?


/ February 2, 2015

Now that storing data is easy and cheap, it can be tempting to keep everything that you collect.  Bruce Schneier points out the pitfalls of this approach in his discussion of the recent Sony hack:

If Sony had had an aggressive data deletion policy, much of what was leaked couldn’t have been stolen and wouldn’t have been published…

Unless there are laws requiring an organization to save a particular type of data for a prescribed length of time, deletion should be the norm.

This has always been true, but many organizations have forgotten it in the age of big data. In the wake of the devastating leak of terabytes of sensitive Sony data, I hope we’ll all remember it now.

Want to know where to get started with a data deletion policy? Two resources that have come out of Responsible Data Forums can help.

Does your organisation have a policy for dealing with data retention? Can you recommend any resources for creating one? Any tips or tricks for what to consider? Let us know in the comments.

About the contributor

Tom started out writing and editing for newspapers, consultancies and think tanks on topics including politics and corruption in sub-Saharan Africa and Asia, then moved into designing and managing election-related projects in countries including Myanmar, Bangladesh, Rwanda and Bolivia. After getting interested in what data and technology could add in those areas and elsewhere, he made a beeline for The Engine Room. Tom is trying to read all of the Internet, but mostly spends his time picking out useful resources and trends for organisations using technology in their work.

See Tom's Articles

Related /

/ February 15, 2022

Responsible Data Community Retrospective series: 12 articles about the state of the Responsible Data work

/ October 31, 2016

Developing and operationalizing Responsible Data Policies

/ March 28, 2016

RDF @ IFF: Collaboratively tackling some responsible data challenges at the Internet Freedom Festival