Data Destruction Policies
Data destruction policies state how data must be destroyed when it reaches the end of its life cycle.
- Organizations must destroy paper and electronic data when it is no longer needed
- For electronic data, this means destroying it in primary and backup storage systems
- influenced by federal and state laws
- to create data retention and destruction policies:
- must know how its IT resources work
- must know what data is stored
- must know how to retrieve that data
- must know how to remove data
Elements
- Identify data ready for destruction
- Specify proper destruction methods for different kinds of data or storage media
- Provide validation procedures to make sure data is properly destroyed
- Provide consequences for improper destruction