Data retention defines the policies of persistent data and records management for meeting legal and business data archival requirements. Although the terms are sometimes used interchangeably, it is not to be confused with the Data Protection Act 1998.
The different data retention policies weigh legal and privacy concerns against economics and need-to-know concerns to determine the retention time, archival rules, data formats, and the permissible means of storage, access, and encryption.
A data retention policy is a recognized and proven protocol within an organization for retaining information for operational use while ensuring adherence to the laws and regulations concerning it. The objectives of a data retention policy are to keep important information for future use or reference, to organize information so it can be searched and accessed at a later date, and to dispose of information that is no longer needed.
The data retention policies within an organization are a set of guidelines that describes which data will be archived, how long it will be kept and other factors concerning the retention of the data.
A part of any effective data retention policy is the permanent deletion of the retained data. Secure deletion can be achieved by encrypting the data when it is stored and then deleting the encryption key after a specified retention period. This effectively deletes the data object and its copies stored in online and offline locations.
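The encrypt-then-delete-the-key approach described above can be sketched as follows. This is an added example, not code from any regulation or product: the `KeyStore` type, the record ID and the sample data are hypothetical, and AES-256-GCM with one key per record is an assumed design choice. In production the keys would sit in a KMS or HSM and be destroyed there.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"time"
)

// KeyStore (hypothetical) holds the only usable copy of each per-record key.
type KeyStore map[string]entry
type entry struct{ aead cipher.AEAD; until time.Time } // key + retention end

// Seal encrypts data under a fresh key; the blob may be copied anywhere.
func (ks KeyStore) Seal(id string, data []byte, until time.Time) ([]byte, error) {
	buf := make([]byte, 32+12) // 256-bit key, then 96-bit nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	block, _ := aes.NewCipher(buf[:32]) // cannot fail: key length is valid
	aead, _ := cipher.NewGCM(block)     // cannot fail: AES has 16-byte blocks
	ks[id] = entry{aead, until}
	return aead.Seal(buf[32:], buf[32:], data, []byte(id)), nil // nonce||ct||tag
}

// Open decrypts a blob; once Purge has dropped the key it can never succeed.
func (ks KeyStore) Open(id string, blob []byte) ([]byte, error) {
	e, ok := ks[id]
	if !ok || len(blob) < 12 {
		return nil, fmt.Errorf("key destroyed or blob malformed for %q", id)
	}
	return e.aead.Open(nil, blob[:12], blob[12:], []byte(id))
}

// Purge destroys every key whose retention period has ended.
func (ks KeyStore) Purge(now time.Time) {
	for id, e := range ks {
		if !now.Before(e.until) {
			delete(ks, id)
		}
	}
}

func main() {
	ks, now := KeyStore{}, time.Now()
	blob, _ := ks.Seal("rec-1", []byte("constructed sample"), now.Add(time.Hour))
	ks.Purge(now.Add(2 * time.Hour)) // retention period over: key is gone
	fmt.Println(ks.Open("rec-1", blob)) // any surviving copy is undecryptable
}
```

Only the key store needs to be reachable at deletion time; backups and replicas of the ciphertext do not have to be located or overwritten.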
The policy of data retention under The Data Retention (EC Directive) Regulations 2009 applies to a wide range of methods that control how data is acquired and stored. These Regulations came into force on 6 April 2009. Data is retained by different organizations for a range of reasons, but the Data Retention Regulations mainly focus on the telecommunication industry. These regulations apply only to communications data while communications services are being supplied by public communication providers, if the data is generated or processed within the United Kingdom.
The purpose of these regulations is to implement Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 (“Data Retention Directive”) on the retention of data. The regulations also outline the kind of data that must be retained within the telecommunication industry. From retained data it must be possible to: