A look at data retention
Every organisation collects data. Whether it’s the education, e-commerce, banking, or telecom industries, data is collected and stored for business and customer processes.
The amount of data every organisation has collected increases by the minute. Each movement, transaction, sign-up, and so forth leaves a footprint on the internet. This data might be something small, something you didn’t even know was being collected, or it could be personal and confidential. With this growing amount of data being collected, creating and enforcing a data retention strategy is crucial. For many industries in different markets around the world, data retention is regulated and enforced by the government, or governing bodies, which determine how and where you can store this data, and for how long.
What is a data retention regulation?
Data retention regulations, depending on the industry/country/market/governance body, determine how, where, and for how long an organisation can hold data on their customers. In particular, these regulations also dictate how partners, such as SaaS partners, can hold data as well.
In this case, CINNOX is a SaaS platform used by organisations around the world to communicate with their customers, and some of that data is held on CINNOX’s servers on behalf of our partners. Even though the data is encrypted and secure, certain data retention regulations often require that data to be uploaded and transferred to our partner’s servers, and then deleted.
For example, a leading financial institution in Hong Kong uses CINNOX to communicate with their overseas customers. According to local data retention regulations for the financial industry, our partner’s customer data can only be encrypted and stored on a SaaS or cloud service platform for a maximum of 14 days. It must then be transferred to servers which they fully own, and completely deleted from our servers. Because this process runs daily on the data collected 14 days earlier, no data would be held by CINNOX for longer than 14 days.
Every organisation needs a data retention policy
Every organisation should have a policy on data retention which defines when old data should be deleted/archived and how long you will store it for.
In fact, almost all local and international regulations require some sort of data retention policy in place. As a quick guide, below are some of the requirements from major regulations:
- PCI DSS – Requirement 9.8 says that organisations must “destroy media when it is no longer needed for business or legal reasons”.
- GDPR – Article 5(1)(e) says that (in paraphrased terms) only relevant and limited data should be stored, and when no longer relevant, must be erased or rectified without delay.
- HIPAA (Health Insurance Portability and Accountability Act) states that data must be stored “at least six years from creation date or last effective date, whichever happens to be later”.
Keeping as much data as possible about your customers is not always a good idea. This information is just another added responsibility on top of everything else you’re working on, and in the event of a data breach, organisations need to pay hefty fines. These fines are determined based on how much data was breached, so the more data you have, the bigger the fine.
Data retention and CINNOX
Data protection and security are a top priority for CINNOX. Our platform gives your organisation the ability to define when your data archive is transferred to your secure file server over a secure tunnel, based on the schedule you set.
Available for Enterprise Plan customers, the data retention features encompass several elements:
- Data is only retained on the CINNOX servers for the scheduled period that you define
- Data is backed up and uploaded to your secure file server over a strongly encrypted channel (RSA cryptosystem)
- Files are encrypted and saved as a ZIP file with a password before uploading to your secure file server
- You can generate your own encryption keys within the CINNOX system
- All retention logs are available