Gentle Privacy and Security Reminder
for Organizations šš:
One of the easiest way for your organization to not have data stolen in a data breach, is simply to not have this data.
One of the easiest way to save your organization future headaches and costs is to simply delete thoroughly the data you do not need anymore as soon as you do not need it anymore.
Whenever possible, it's even better to not collect it at all in the first place.
You might need to retain some data of course, but when an incident occurs, you will greatly reduce the harm, damage, and cost if you keep only the minimum data required.
You cannot be held accountable for the data you simply do not have.
Keep this in mind! āļøāØ
@Em0nM4stodon That kinda depends on the kind of business. The US Banking Secrecy Act requires all companies dealing with the transfer of money to keep PII for seven years. A similar law in the EU requires it be kept for 10 years, and Australia requires 99 years. In the US, PHI has to be kept for 6 years.