Data should be retained only for as long as it is necessary. This means you will need to retain data whilst it is required for the processing you collected it for, but it also means that you may be able to retain the data for longer if you have a legitimate, documented reason to continue holding it.
The life of an information asset should pass through a number of stages:
- Data collection
- Data usage
- Retention trigger point
- Retention period
- Data destruction.
A good data management process will therefore recognise when data is still required for its original use and when the trigger point for retention has been reached. The retention period should always be ‘for as long as is necessary’, but in practice this could be anywhere from immediate to many years. The rationale for the retention and for the length of the period should be documented, and action should be taken when the retention period comes to an end. That action may be ‘destruction’, but equally it may be to ‘review’ the retention period, for example where there is a significant risk of litigation.
A practical example of this can be illustrated with a common information asset which most organisations would recognise:
- Information Asset: Health Surveillance (H&S)
- Retention Trigger: Last Incident
- Retention Period: 40 years
- Rationale: Health & Safety at Work Act 1974
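The lifecycle and the schedule entry above can be turned into a small check that tells you, for each record, whether it is still in use, should be retained, is due for review or is due for destruction. This is an added example, not code from the page or the ICO; the `RetentionRule`/`Record` names, the `legal_hold` flag and the sample dates are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass(frozen=True)
class RetentionRule:
    """One row of a retention schedule (hypothetical structure)."""
    asset: str                  # Information Asset
    trigger: str                # Retention Trigger: event that starts the clock
    period_years: int           # Retention Period
    rationale: str              # documented reason for the period
    end_action: str = "destroy"  # or "review", e.g. where litigation risk is high


@dataclass(frozen=True)
class Record:
    asset: str
    trigger_date: Optional[date]  # None: trigger not yet reached, data still in use
    legal_hold: bool = False      # assumed flag: an active hold blocks destruction


def add_years(d: date, years: int) -> date:
    try:
        return d.replace(year=d.year + years)
    except ValueError:  # 29 Feb in a non-leap target year
        return d.replace(year=d.year + years, day=28)


def evaluate(record: Record, rule: RetentionRule, today: date) -> str:
    """Return 'in_use', 'retain', 'review' or 'destroy' for one record."""
    if record.asset != rule.asset:
        raise ValueError(f"rule for {rule.asset!r} applied to {record.asset!r}")
    if record.trigger_date is None:
        return "in_use"                      # collection / usage stage
    end = add_years(record.trigger_date, rule.period_years)
    if today < end:
        return "retain"                      # inside the retention period
    if record.legal_hold or rule.end_action == "review":
        return "review"                      # period over, but do not destroy yet
    return "destroy"


# The H&S example from the schedule above.
HS_RULE = RetentionRule(asset="Health Surveillance (H&S)", trigger="Last Incident",
                        period_years=40, rationale="Health & Safety at Work Act 1974")

if __name__ == "__main__":
    today = date(2024, 1, 1)  # constructed reference date
    for rec in (Record(HS_RULE.asset, date(1980, 6, 1)),
                Record(HS_RULE.asset, date(2000, 6, 1)),
                Record(HS_RULE.asset, date(1980, 6, 1), legal_hold=True),
                Record(HS_RULE.asset, None)):
        print(rec.trigger_date, rec.legal_hold, evaluate(rec, HS_RULE, today))
```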
An example of a good data retention schedule can be found on the ICO’s website: https://ico.org.uk/media/about-the-ico/policies-and-procedures/2259025/retention-and-disposal-schedule-for-website.pdf