Do you know how to destroy your data securely?
Author: Paul Clough
- Service Data and AI
- Date 07 March 2023
In this final part of our data ethics series, we look at what data destruction is and how you can comply with GDPR required actions.
The data lifecycle starts with the capture of data and ends with how we destroy it. In this post we look at why planning for data destruction is such an important part of an ethical and responsible data management programme.
What is data destruction?
Data Destruction is included as a form of data processing under UK General Data Protection Regulation (GDPR). When it comes to data destruction, GDPR gives people the option to have their personal data deleted. It also requires that data is kept for no longer than is necessary and that it’s handled in a way that prevents unlawful or unauthorised processing. For these reasons, organisations must have robust data destruction policies.
Minimising both the amount of data you keep, and how long you keep it, is best practice for protecting privacy and lessening the impact of any future data breaches. Methods of data destruction should be permanent and irreversible for both physical and digital data and information.
Be clear at the start
Establishing user expectations around data is crucial. Before a user even opts-in, they should be informed of the following things: when their data is being collected, what the purpose of collecting the data is, how long that data will be held and when (or if) it will be destroyed.
Ask yourself: Have you made it clear how long any data will be used and when/if it will be destroyed before receiving user consent?
Meeting Data Destruction Expectations
Planning is essential to ensure there are no disruptions to destroying the data by the required date. It’s important to consider that different types of data will have different methods of storage. There may also be different levels of security for the data or there may be other requirements that will need to be satisfied so the data can be destroyed. If organisations don't purge data properly, the danger is that there may be traces of information left behind that no longer have protection.
- Have you established expectations and timeframes that you can meet in order to get maximum value from data before it’s destroyed?
- Have you got the relevant policies in place to destroy all types of physical and/or digital data effectively and permanently?
A final part of any data destruction policy should include procedures for routinely checking archives. This is to make sure there are no traces of purged data, or data that is no longer providing use and could be destroyed.
Reviewing databases for existing, but irrelevant data, benefits an organisation in multiple ways. Regular reviewing of data prevents you from exceeding data deletion requirements and reduces the impact of potential data breaches. It also helps with the user experience because reducing the volume of stored data makes it easier for the user to find, search and interrogate data.
- Do you currently have old data that could, or should, be destroyed?
- What is the need and purpose for retaining data?
Three Key Actions
- Stop disposing of sensitive data through the methods of file deletion, disk formatting, and “one way” encryption. These leave the majority of the data intact and able to be retrieved with the right tools.
- Create formal, documented processes for data destruction within your organisation and require that partner organisations do the same.
- Review and purge your databases of any out of date or old data.
If you’re interested in the work we do with data, get in touch with our data team.