Data retention policy
4.0 Policy
4.1 Reasons for Data Retention
The company does not wish to simply adopt a "save everything" mentality. That is not practical or cost-effective, and would place an excessive burden on the IT Staff to manage the constantly-growing amount of data.
Some data, however, must be retained in order to protect the company's interests, preserve evidence, and generally conform to good business practices. Some reasons for data retention include:
• Litigation
• Accident investigation
• Security incident investigation
• Regulatory requirements
• Intellectual property preservation
4.2 Data Duplication
As data storage increases in size and decreases in cost, companies often err on the side of storing data in several places on the network. A common example of this is where a single file may be stored on a local user's machine, on a central file server, and again on a backup system. When identifying and classifying the company's data, it is important to also understand where that data may be stored, particularly as duplicate copies, so that this policy may be applied to all duplicates of the information.
4.3 Retention Requirements
This section sets guidelines for retaining the different types of company data.
• Personal: There are no retention requirements for personal data. In fact, the company encourages that it be deleted or destroyed when it is no longer needed.
• Public: There are no retention requirements for public data beyond what the owner of the data desires.
• Operational: Most company data will fall in this category. Operational data must be retained for 1 year.
• Critical: Critical data must be retained for 2 years.
• Confidential: Confidential data must be retained for 2 years.
4.4 Retention of Encrypted Data
If any information retained under this policy is stored in an encrypted format, consideration must be given to secure storage of the encryption keys. Encryption keys must be retained as long as the data that the keys decrypt is retained.
4.5 Data Destruction
Data destruction is a critical component of a data retention policy. Data destruction ensures that the company will not get buried in data, making data management and data retrieval more complicated and expensive than it needs to be. Exactly how certain data should be destroyed is covered in the Data Classification Policy.
When the retention timeframe expires, the company must actively destroy the data covered by this policy. If a user feels that certain data should not be destroyed, he or she should identify the data to his or her supervisor so that an exception to the policy can be considered. Since this decision has long-term legal implications, exceptions will be approved only by a member or members of the company's executive team.
The company specifically directs users not to destroy data in violation of this policy. Particularly forbidden is destroying data that a user may feel is harmful to himself or herself, or destroying data in an attempt to cover up a violation of law or company policy.
4.6 Applicability of Other Policies
This document is part of the company's cohesive set of security policies. Other policies may apply to the topics covered in this document and as such the applicable policies should be reviewed as needed.
Data archiving and removal policy
4.0 Policy
4.1 Treatment of Confidential Data
For clarity, the following sections on storage, transmission, and destruction of confidential data are restated from the Data Classification Policy.
4.1.1 Storage
Confidential information must be removed from desks, computer screens, and common areas unless it is currently in use. Confidential information should be stored under lock and key (or keycard/keypad), with the key, keycard, or code secured.
4.1.2 Transmission
Confidential data must not be 1) transmitted outside the company network without the use of strong encryption, or 2) left on voicemail systems, either inside or outside the company's network.
4.1.3 Destruction
Confidential data must be destroyed in a manner that makes recovery of the information
impossible. The following guidelines apply:
• Paper/documents: cross cut shredding is required.
• Storage media (CDs, DVDs): physical destruction is required.
• Hard Drives/Systems/Mobile Storage Media: at a minimum, data wiping must be used. Simply reformatting a drive does not make the data unrecoverable. If wiping is used, the company must use the most secure commercially-available methods for data wiping. Alternatively, the company has the option of physically destroying the storage media.
4.2 Use of Confidential Data
A successful confidential data policy is dependent on the users knowing and adhering to the company's standards involving the treatment of confidential data. The following applies to how users must interact with confidential data:
• Users must be advised of any confidential data to which they have been granted access. Such data must be marked or otherwise designated "confidential."
• Users must only access confidential data to perform their job function.
• Users must not seek personal benefit, or assist others in seeking personal benefit, from the use of confidential information.
• Users must protect any confidential information to which they have been granted access and not reveal, release, share, email unencrypted, exhibit, display, distribute, or discuss the information unless necessary to do his or her job or the action is approved by his or her supervisor.
• Users must report any suspected misuse or unauthorized disclosure of confidential information immediately to his or her supervisor.
• If confidential information is shared with third parties, such as contractors or vendors, a confidential information or non-disclosure agreement must govern the third parties' use of confidential information. Refer to the company's outsourcing policy for additional guidance.
4.3 Security Controls for Confidential Data
Confidential data requires additional security controls in order to ensure its integrity. The company requires that the following guidelines are followed:
• Strong Encryption. Strong encryption must be used for confidential data transmitted external to the company. If confidential data is stored on laptops or other mobile devices, it must be stored in encrypted form.
• Network Segmentation. Separating confidential data by network segmentation is strongly encouraged.
• Authentication. Strong passwords must be used for access to confidential data.
• Physical Security. Systems that contain confidential data should be reasonably secured.
• Printing. When printing confidential data the user should use best efforts to ensure that the information is not viewed by others. Printers that are used for confidential data must be located in secured areas.
Data storage policy
4.0 Policy
4.1 Data Classification
Data residing on corporate systems must be continually evaluated and
classified into the following categories:
1. Personal: includes user's personal data, emails, documents, etc. This policy excludes
personal information, so no further guidelines apply.
2. Public: includes already-released marketing material, commonly known information, etc.
There are no requirements for public information.
3. Operational: includes data for basic business operations, communications with vendors,
employees, etc. (non-confidential). The majority of data will fall into this category.
4. Critical: any information deemed critical to business operations (often this data is
operational or confidential as well). It is extremely important to identify critical data for
security and backup purposes.
5. Confidential: any information deemed proprietary to the business. See the Confidential
Data Policy for more detailed information about how to handle confidential data.
4.2 Data Storage
The following guidelines apply to storage of the different types of company data.
4.2.1 Personal
There are no requirements for personal information.
4.2.2 Public
There are no requirements for public information.
4.2.3 Operational
Operational data must be stored where the backup schedule is appropriate to the importance of
the data, at the discretion of the user.
4.2.4 Critical
Critical data must be stored on a server that gets the most frequent backups (refer to the Backup
Policy for additional information). System- or disk-level redundancy is required.
4.2.5 Confidential
Confidential information must be removed from desks, computer screens, and common areas
unless it is currently in use. Confidential information should be stored under lock and key (or
keycard/keypad), with the key, keycard, or code secured.
4.3 Data Transmission
The following guidelines apply to transmission of the different types of company data.
4.3.1 Personal
There are no requirements for personal information.
4.3.2 Public
There are no requirements for public information.
4.3.3 Operational
No specific requirements apply to transmission of operational data; however, as a general rule,
the data should not be transmitted unless necessary for business purposes.
4.3.4 Critical
There are no requirements on transmission of critical data, unless the data in question is also
considered operational or confidential, in which case the applicable policy statements would
apply.
4.3.5 Confidential
Confidential data must not be 1) transmitted outside the company network without the use of
strong encryption, or 2) left on voicemail systems, either inside or outside the company's network.
Data center location(s): United States
Data hosting details: Cloud hosted
Data hosting company: Google Cloud Platform (GCP)
App/service has sub-processors: no