Data Retention and Destruction

This Best Practice page has all of our guidance, documents, checklists and content on Data Retention. The guidance comes from the ICO, and their complete guide to data retention can be found on the documents tab. Read our article on data retention for a more in-depth outline of how your organisation should approach the retention and destruction of data.

There are no strict periods that govern how long an organisation should keep certain types of data. However, you should only keep data for as long as you need it, in line with data minimisation and accuracy principles.

Ensuring that you erase or anonymise personal data when you no longer need it will reduce the risk that it becomes irrelevant, excessive, inaccurate or out of date. Personal data held for too long will, by definition, be unnecessary. You are unlikely to have a lawful basis for retention. You must also respond to subject access requests for any personal data you hold. This may be more difficult if you are holding old data for longer than you need.

To comply with documentation requirements, you need to establish and document standard retention periods for different categories of information you hold wherever possible. It is also advisable to have a system for ensuring that your organisation keeps to these retention periods in practice, and for reviewing retention at appropriate intervals. If you are a small organisation undertaking occasional low-risk processing, you may not need a documented retention policy.



 

Methods of disposal for paper records

The main methods of disposal are as follows:

Ordinary refuse disposal: This should be used only for small volumes of non-sensitive records. Wherever the volume of paper justifies it, the option of recycling should be considered.

Pulping and recycling: This is plainly the most environmentally friendly option. However, it may not be appropriate for highly sensitive waste unless it is shredded.

Shredding: The cost of labour is likely to make this method unsuitable for all but the smallest volumes. For highly sensitive documents, some types of shredding may not be sufficient and the waste may itself need to be destroyed in order to ensure that it cannot be pieced back together (this would be far more difficult if a quality crosscut shredder was used). If shredding is done centrally, consideration may need to be given to the security of records awaiting destruction.

Incineration: Consideration should be given to the environmental and other safety implications. However, some incinerators are available which will provide heat in the office environment.

Specialist commercial firms can be found to pulp, recycle, shred or incinerate paper records. The security of each firm's methods should be fully investigated and guarantees built into any contract.

Disposal of electronic records

Care needs to be taken to ensure that sensitive data is completely erased from all electronic storage media. For example, deleting a file on a hard disk may only delete the file reference and not the underlying data. With the right tools and knowledge (both of which are in ready supply), it may be possible to reconstruct the file from the disk. 

Generally speaking, to remove data from a hard disk properly, it is necessary to overwrite the data several times with a series of zeroes. The number of times this must be done will depend on the sensitivity of the data. Naturally, the task takes longer according to the number of times it must be performed. Therefore, IT personnel will not appreciate having to apply the highest standards to non-sensitive data.

Where back-up media is concerned, it will normally be necessary to destroy the media itself to ensure that it is unreadable. Although some back-up media can be reused, most IT departments will only tend to do so a few times as the media's reliability may diminish each time it is used. Once it has reached the end of its useful life, this back-up media should be destroyed in accordance with the usual policies.


Below is a link to our Model Data Protection Policy, which has a Retention Policy embedded within it.