While the significance of robust data management is achieving greater recognition amongst Australian organisations, one critical aspect often gets overlooked – data destruction policies.
Retaining data beyond its useful lifespan is a liability that touches multiple business decisions, including:
- Security: The less data you hold, the less there is for people to misuse in the unfortunate case of a breach. Data that is kept simply because there was no plan to destroy it increases not only the risk of exposure but also the overall impact of that exposure. It can also be further damaging to brand reputation, as past customers question why their data was retained at all.
- Compliance: Adherence to the Australian Privacy Principles does more than keep you aligned with privacy best practice: a breach of any one of the 13 principles is considered “an interference with the privacy of an individual” and can lead to regulatory action and penalties.
- Cost: Storage keeps getting cheaper, but it is never free. Paying to retain data unnecessarily simply isn’t a prudent financial decision.
- Environmental impact: With sustainability continuing to rank higher on organisational priorities, it’s important to consider the physical e-waste that is produced when destroying data. Physical destruction methods, such as shredding or crushing storage media, obviously leave no chance of reuse – and neither does degaussing magnetic storage media.
- System performance: When you attempt to hold long-expired data in an operational system (which is not built to hold a large quantity of data), it can degrade the performance of that system – even where it is a cloud-based solution.
“Organisations should think about data destruction – or deidentification – upfront, as part of the design and implementation process. Before they even begin collecting it,” says 9Yards Data Security Consultant, Paul Yeardley. “It can’t be an afterthought, or it will definitely come back to bite you down the line.”
Understanding data destruction requirements
It’s often touted that an organisation has to keep its data for seven years – but already that’s open to interpretation. “Seven years of what?” asks Paul. “If someone has been a customer for seven years, you’re still going to need their data as a current customer. So it’s actually about having the right rules in place to understand if you’re measuring, for example, seven years since a customer has made a transaction. Or seven years since they’ve contacted you.”
Knowing these business rules and adding them to your data management processes – and applying them to both operational and reporting systems, as well as backups – will protect against the risks of retaining data beyond its valuable lifespan.
Data destruction vs data de-identification
‘End of life planning’ for data isn’t always about moving straight to destruction, though, says Paul. Transforming the data so that it no longer contains any personally identifiable information (PII) can be just as good as destruction from the perspective of security and compliance.
“Once you move the data out of an operational system – into a data platform or data warehouse – you don’t necessarily need to destroy it (at that point in time), but you do need to at least de-identify it. So there’s no way of knowing who it belonged to, but you can still look at that data and aggregate, for example, how many customers you had in a certain postcode, and the number of sales attributed there,” he says.
Your organisation’s data management processes, then, should include a matrix or checklist of steps to determine which types of data are valuable to retain once de-identified, and which types provide no further value and should be fully removed.
The role of data catalogues in data destruction
Simply put, to be able to thoroughly destroy data, you need to know where it is. Backups and other “forgotten” storage solutions are a popular target for attacks because they are frequently out of sight and out of mind, explains 9Yards Data Security Consultant Tatiana Konnova.
“An organisation has the data, they’re no longer using it day to day, but they’ve kept it because they don’t have good de-identification or data destruction policies. It sits in a backup solution, and that backup gets exposed because it’s easy to exploit when it’s not viewed on a daily basis,” she says.
“A lot of organisations don’t actually know where all of their data is,” says Paul. “So we advocate for the use of data catalogues. They show the lineage of data – you know where it’s coming from, you know where it’s going to.”
A data catalogue is essentially metadata about the data kept in your organisation. It can help you identify:
- where it is located
- who owns it
- what its classification is
- whether it is sensitive
- whether it is confidential
- and similar attributes.
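The retention rule described above (seven years measured from a customer’s last transaction or last contact, applied to operational, reporting and backup copies alike), the de-identify-or-destroy decision, and the catalogue attributes just listed can all be tied together in one small policy evaluator. The following Python is an added example, not code from 9Yards or from the article; the catalogue schema, the record layout, the system names and every sample customer are constructed for illustration, and the choice to treat a record with no recorded activity as already expired is an assumption made here.

```python
"""Retention-rule evaluator driven by a data catalogue (added example, hypothetical schema)."""
from dataclasses import dataclass, replace
from datetime import date
from enum import Enum
from typing import Optional

RETENTION_YEARS = 7  # the "seven years" rule, measured from the customer's last activity


class Action(str, Enum):
    RETAIN = "retain"           # still inside the retention window
    DEIDENTIFY = "de-identify"  # expired, but aggregate value remains
    DESTROY = "destroy"         # expired and no further value


@dataclass(frozen=True)
class CatalogueEntry:
    """One copy of a dataset, as a data catalogue would describe it (hypothetical schema)."""
    dataset: str
    location: str          # where this copy lives
    owner: str             # who is accountable for it
    classification: str    # e.g. "confidential"
    sensitive: bool        # holds PII
    system_type: str       # "operational", "reporting" or "backup"
    aggregate_value: bool  # a de-identified copy is still worth keeping


@dataclass(frozen=True)
class CustomerRecord:
    dataset: str
    customer_id: Optional[str]        # None once de-identified
    postcode: str
    last_transaction: Optional[date]
    last_contact: Optional[date]
    pii: dict                         # name, email, ...; empty once de-identified


def years_since(d: date, today: date) -> int:
    """Whole years elapsed between d and today."""
    years = today.year - d.year
    if (today.month, today.day) < (d.month, d.day):
        years -= 1
    return years


def last_activity(rec: CustomerRecord) -> Optional[date]:
    """The clock starts at the later of last transaction and last contact."""
    dates = [d for d in (rec.last_transaction, rec.last_contact) if d is not None]
    return max(dates) if dates else None


def retention_expired(rec: CustomerRecord, today: date) -> bool:
    act = last_activity(rec)
    if act is None:
        return True  # assumption: no recorded relationship means nothing justifies keeping it
    return years_since(act, today) >= RETENTION_YEARS


def decide(rec: CustomerRecord, entry: CatalogueEntry, today: date) -> Action:
    """Apply the retention rule to one record in one catalogued location."""
    if rec.customer_id is None and not rec.pii:
        # already de-identified: keep only where the catalogue says aggregates are useful
        return Action.RETAIN if entry.aggregate_value else Action.DESTROY
    if not retention_expired(rec, today):
        return Action.RETAIN
    return Action.DEIDENTIFY if entry.aggregate_value else Action.DESTROY


def deidentify(rec: CustomerRecord) -> CustomerRecord:
    """Strip everything that links the record to a person; keep the aggregate fields."""
    return replace(rec, customer_id=None, pii={})


def apply_policy(records, catalogue, today):
    """Evaluate every catalogued copy of every record -> list of (location, customer_id, action)."""
    return [(entry.location, rec.customer_id, decide(rec, entry, today))
            for entry in catalogue
            for rec in records if rec.dataset == entry.dataset]


def customers_by_postcode(records):
    """The kind of aggregate that still works after de-identification."""
    counts = {}
    for rec in records:
        counts[rec.postcode] = counts.get(rec.postcode, 0) + 1
    return counts


# Constructed sample catalogue: one dataset living in three systems, including a backup.
SAMPLE_CATALOGUE = [
    CatalogueEntry("customers", "crm-prod/customers", "Sales Ops", "confidential", True, "operational", False),
    CatalogueEntry("customers", "warehouse/dim_customer", "Analytics", "confidential", True, "reporting", True),
    CatalogueEntry("customers", "backup-vault/crm-nightly", "IT Ops", "confidential", True, "backup", False),
]

TODAY = date(2024, 6, 30)  # constructed evaluation date

# Constructed sample records; names are placeholders.
SAMPLE_RECORDS = [
    CustomerRecord("customers", "C1", "2000", date(2023, 1, 10), None, {"name": "A. Example"}),
    CustomerRecord("customers", "C2", "3000", date(2015, 3, 1), date(2018, 5, 20), {"name": "B. Example"}),
    CustomerRecord("customers", "C3", "2000", date(2016, 11, 2), None, {"name": "C. Example"}),
    CustomerRecord("customers", "C4", "4000", None, None, {"name": "D. Example"}),
]

if __name__ == "__main__":
    for location, cid, action in apply_policy(SAMPLE_RECORDS, SAMPLE_CATALOGUE, TODAY):
        print(f"{location:28} {cid}: {action.value}")
    print(customers_by_postcode([deidentify(r) for r in SAMPLE_RECORDS]))
```

Note how C2 is retained even though its last purchase was in 2015: the later contact in 2018 restarts the clock, which is exactly the "seven years since what?" question. The same expired record (C3) gets three different outcomes across the three catalogued copies: destroyed in the operational system and the backup, de-identified in the warehouse where postcode-level aggregates still have value. The catalogue entry, not the record, carries that decision, so the policy cannot quietly skip a copy the organisation has forgotten about.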
Determine data destruction policies in your organisation
If your data destruction policies aren’t as thorough as they could be, and you want big-picture support with your data collection, management and utilisation strategies, arrange a preliminary discussion with one of 9Yards’ expert Data Security Consultants.