How data deletion empowers data protection

Many global privacy regulations have demanded that organizations make data deletion a common practice, rather than just a best practice. "Data deletion itself can be very, very challenging," Han said. "On the business side, teams want to keep the data forever, for unlimited use. On the security and privacy side, we want to limit that usage and retention. So, it's challenging from both a business and technical standpoint."

Implementing a sustainable data deletion program can help organizations reinforce their standards and governance for data deletion, meet regulatory requirements, reduce the risk of data breaches and improve data hygiene overall. While organizations might initially be motivated by data privacy regulations, they often benefit from improving their data governance practice along the way.

Two types of deletion

In general, there are two types of data deletion required by privacy regulations: request-based deletion and/or data retention and purge.

Request-based data deletion

Some privacy regulations grant individuals the right to request the deletion of their personal data. Request-based deletion begins with someone who initiates a data deletion request. The individual's status and relationship with the organization determine whether the request must be honored, what type of data can be deleted upon the request, and whether any exceptions to deletion requirements apply. Data deletion exceptions can include retaining data that is required for service delivery, legal and regulatory reasons, or financial reporting.

1. System inventory: This includes conducting a system/data mapping to document what personal data has been collected and where they are located.
2. Data deletion exception analysis: The privacy or legal team defines data deletion exceptions, and system owners apply those exceptions to their systems.
3. Data Deletion program implementation: Establish front-end request intake channels (such as email address, webform) and backend request fulfillment process, and allocate resources to carry out the process in a pre-defined timeline.
4. Compliance monitoring: Once the program has been set up, the organization will define key performance indicators (KPIs) and check periodically to see if the request-based data deletion has been carried out according to the defined requirements or procedures.

Due to a lack of transparent data deletion governance and ownership, it is not uncommon that a request-based data deletion process is not being adopted consistently by all of the cross-functional teams or system owners in an organization.

Data retention and purge

Data retention and purge are more focused on deleting data according to an organization’s schedules. While most organizations have a retention policy and schedule, organizations are often inconsistent in completing the data deletions or they do not conduct data purges at all. Many organizations have made progress on data retention and purge programs due to the rising privacy requirements. They are also facing common challenges:

Organizations often lack a dedicated data retention governance team to provide data retention and purge oversight.

• Organizations tend to struggle with rationalizing retention requirements from various jurisdictions.
  • Organizations tend to overlook the effort required to translate retention schedules to how the schedule can be implemented at the systems and database levels.
  • There is a lack of data protection talents with knowledge of both privacy and technology to bridge the knowledge gaps between legal and technical requirements.
  • Many organizations fail to monitor the effectiveness and accuracy of data purge once the retention program is place.

Often, a data retention or purge program is not implemented because the retention schedule based on legal requirements is not translated to functional or technical requirements that can be operationalized for applications or databases. This gap can be difficult to close because the organization’s data typically spread across multiple teams and systems with various technical processes and configurations.

Data retention and purge implementation

To truly ensure consistency and compliance, organizations should implement data retention and purge programs that are designed for sustainability. Effective program implementation typically involves four steps described by the diagram below:

Each of the four steps involves key teams and serves an important purpose:

1. Rationalize requirements: This can include the legal privacy team identifying the retention obligations and compiling a global set of retention schedules with a risk-based approach. This global set of retention schedules can help streamline implementation, since data stored in the system are usually not segregated by regions.
2. Legal hold analysis: The legal or litigation team identifies legal hold requirements and data retention exemptions. If specific data are subject to a legal hold, they must be maintained or retained for longer than the retention period.
3. Implementation: This is usually a business or IT effort to analyze the retention and legal hold requirements, then apply to the system level. The purge process could be manual or automated.
4. Compliance monitoring: This lets the organization check periodically to see if the data purge has been carried out according to the defined requirements, or if the purge has introduced any data integrity issues.

Contact: