Chapter 10. Data Retention and Data Purging

Some of us think holding on makes us strong; but sometimes it is letting go.

Hermann Hesse

Overview

So far, we’ve covered approaches to retrieving, storing, accessing, and exposing data as a means of securing and protecting informational privacy. This chapter will explore what to do when data should, for various reasons, be available or retained only for a fixed period, after which availability should either be indefinitely revoked or the data itself should be purged from the system. The notion of “purging” information, which might seem straightforward in analogous paper records contexts, is quite complex in digital-storage contexts where purging practices can take on many flavors. There is a spectrum of approaches that may be taken to handle the purging of records, as well as a set of considerations to weigh in determining the optimal approach for a given set of common constraints and requirements.

What Is Data Retention?

Data retention refers to the implementation of a policy that dictates that data is to be removed from a system (or at least made unavailable to general users) after a defined period. This policy framework generally weighs competing sets of interests. On the one hand, there may be legal, privacy, procedural, and other practical constraints (e.g., storage limitations) that militate against holding onto information. On the other hand, countervailing factors, including utility, transparency, and economics, may tip the scale in favor of extended ...
