Data Disposal
Howard Diesel
Chief Data Officer @ Modelware Systems | CDMP Master | Data Management Advisor
When beginning any programme, starting with the end in mind is essential.?
Starting with the end in mind will help you stay focused and use your structured and unstructured records efficiently and sometimes effectively.
Should we apply this approach to your data privacy programme?
@Caroline recommends this approach and has provided us with questions to help us define the target state.
Here are the critical questions that need answering about record disposal:
What does the company need to dispose of?
All types and formats of enterprise information require disposal.
Information types include application data, metadata, reference and master data, and warehouse data.
Information can exist in any form: structured, semi-structured, unstructured and non-digital—the less structured the data, the more metadata we require to manage the disposal.
All information should be classified and associated with a retention policy/schedule.
It is also essential to understand the state of the information:
Why must we dispose of it?
Most data privacy regulations state that we MUST only retain records for as long as necessary to achieve the collection or processing purpose (POPIA s14.1).?
There are generally some caveats to the statement above:
There was much debate on Who must define and agree on the?End-of-Life. Regarding POPIA, the responsible party must determine the purpose and means of processing. All its vendors and cloud services must process personal records under the responsible party's direction.?
领英推荐
Yes, the processing party can provide advice/suggestions, but the responsible party carries the end-of-life definition and risk of persistent storage.
Data Privacy indeed defines the roles and responsibilities for the disposal of P.I. records, but we must not ignore good data management practices concerning disposal:
When must we dispose of it?
Your retention policy will define what criteria should be applied when defining and calculating the appropriate retention schedule for a record.
The retention schedule determines when the disposal date of the record. This date will depend on the following criteria:
How must we dispose of it?
P.I. record disposal must be defensible in a court of law.
If you can't legally prove that you have disposed of the records, you must present the information if requested.
It is essential to recognise device sanitisation and secure disposal standards.
There are several archival and disposal techniques, which we refer to as data transition buckets:
What disposal evidence must we keep?
The evidence for record disposal includes:??
We have recorded this webinar so if you'd want to hear the recording, kindly comment on this article and we will gladly share it with you.
Admitted Attorney of the High Court of South Africa| Privacy| Risk Advisory| Regulatory Compliance
1 年Thank you for this!!! Will you kindly share the recording as well.
Information Management | Data Steward | Records Manager
1 年Great article could I please get access to the recording. Thank you ??
Senior Records Management Officer at City of Cape Town
1 年Thank you for this valuable article, please share the link to the webinar, would like to hear more insights on the topic. Thank you!
Strategic Information & Data Integration Leader | Advancing Digital Transformation and Operational Excellence | Championing Compliance, Innovation, and Stakeholder Engagement
1 年I would really like to access this recorded webinar of this timely topic as we are working on our assessment framework and what you have highlighted above is really beneficial about defining the target state.
MBA | Ingeniera de Sistemas | Gestión de Datos y Analíticas | Protección de datos Personales
1 年Great article Howard Diesel. Thanks for sharing