Amirhossein Saberi
November 17, 2021
•
5
min read
A look at data retention. Every organisation collects data. Whether it’s the education, e-commerce, banking, or telecom industries, data is collected and stored for business and customer processes.
The amount of data every organisation has collected increases by the minute. Each movement, transaction, sign-up, and so forth, is on the internet as a footprint. This data might be something little, something you didn’t even know was being collected, or it could be personal and confidential. With this growing amount of data being collected, creating and enforcing a data retention strategy is crucial. For many industries in different markets around the world, data retention is regulated and enforced by the government, or governing bodies, which determine how and where you can store this data, and for how long.
Data retention regulations, depending on the industry/country/market/governance body, determine how, where, and for how long an organisation can hold data on their customers. In particular, these regulations also dictate how partners, such as SaaS partners, can hold data as well.
In this case, CINNOX is a SaaS platform, and is used by organisations around the world to communicate with their customers – and some of that data is held on CINNOX’s servers on behalf of our partners. Even though the data is encrypted and secure, certain data retention regulations often require that data to be uploaded and transited to our partner’s servers, and then deleted.
For example, a leading financial institution in Hong Kong uses CINNOX to communicate with their overseas customers. According to local data retention regulations for the financial industry, our partner’s customer data can only be encrypted and stored on a SaaS or cloud service platform for a maximum of 14 days. It must then be transited to servers which they fully own, and completely deleted from our servers. This means that no data would be held by CINNOX for longer than 14 days, as the process would occur daily for the data gained 14 days prior.
Every organisation should have a policy on data retention which defines when old data should be deleted/archived and how long you will store it for.
In fact, almost all local and international regulations require some sort of data retention policy in place. As a quick guide, below are some of the requirements from major regulations:
Keeping as much data as possible about your customers is not always a good idea. This information is just another added responsibility on top of everything else you’re working on, and in the event of a data breach – organisations need to pay hefty fines. These fines are determined based on how much data was breached – so the more data you have, the bigger the fine.
Read More: Cloud Communications Security
Data protection and security is a top priority for CINNOX. Our platform gives your organisation the ability to define when your data archive needs to be transited to your secure file server by a secure tunnel based on the schedule you set.
Available for Enterprise Plan customers, the data retention features encompass several elements: