Does your organisation have a data deletion policy?

Now that storing data is easy and cheap, it can be tempting to keep everything that you collect.  Bruce Schneier points out the pitfalls of this approach in his discussion of the recent Sony hack:

If Sony had had an aggressive data deletion policy, much of what was leaked couldn’t have been stolen and wouldn’t have been published…

Unless there are laws requiring an organization to save a particular type of data for a prescribed length of time, deletion should be the norm.

This has always been true, but many organizations have forgotten it in the age of big data. In the wake of the devastating leak of terabytes of sensitive Sony data, I hope we’ll all remember it now.

Want to know where to get started with a data deletion policy? Two resources that have come out of Responsible Data Forums can help.

Does your organisation have a policy for dealing with data retention? Can you recommend any resources for creating one? Any tips or tricks for what to consider? Let us know in the comments.

This can help you with: Managing data
Issue areas: Data re-useIdentity, anonymity & privacy

Comments (3)

  1. Pingback: Retaining your ability to fight nefarious lawsuits through smart data retention | the engine room

  2. Pingback: Retaining your ability to fight nefarious lawsuits through smart data retention — Responsible Data Forum

  3. Pingback: Retaining your ability to fight nefarious lawsuits through smart data retention | Kristin J Antin

Leave a Reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload the CAPTCHA.

Published on: 2 Feb 2015
Discussion: 3 Comments