10

Retention/Removal

Many of the data privacy regulations require that data should be retained or removed based on certain criteria:

• Legal requirements concerning financial data may stipulate the need for it to be retained for up to 10 years
• The storage limitation principle implies that Personally Identifiable Information (PII) should only be retained for the time necessary to process the data for the purpose intended or for as long as the data is in the public interest, or for research but after it has been anonymized

Figure 10.1: Files are retained until no longer needed and are then destroyed

In this chapter, we’re going to look at the ...