Is anybody aware of the methodology which may be used to determine the
appropriate retention period for personal data, or is this more a matter of
opinion, or based upon comparison with what become accepted periods for data
of a similar type processed for a similar purpose?

Also, are there any good examples of utilising audit trails to review/confirm
the appropriate retention periods for personal data? I.e. no access to data
over ?? months/years has been made for the past ?? months/years, so the
appropriate retention must be ??.

I acknowledge this is often a difficult subject to obtain a grounded answer
for from within organisations, and that misdirection is often used to
sidetrack, especially during periods of change. What I am looking for
however, is not those cases where this happens, as they become clearly
obvious when the matter is repeatedly not correctly challenged, but where
logically reproducible methods have been utilised to make a determination
for the retention period over a broadly based set of data containing several
hundred thousand or million records.
Ian W
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^