PII Retention and Destruction Policy
This Data Privacy Framework (DPF) provides guidance and standards to NetEnrich to identify the process of retaining the PII for the minimum allowable time period to fulfil the identified purpose and also to ensure secure deletion or destruction of personally Identifiable Information (PII) data based on NetEnrich’s approved record retention schedule.
This DPF applies to all departments, and the individuals whose records are maintained by the NetEnrich.
The primary focus of this DPF policy is to retain each collected PII for the minimal allowable time period necessary to fulfill the purpose(s).
To set standards including policies and procedures for:
- Retention of collected PII for the minimum allowable time required to fulfil the purpose.
- Disposing, destroying or erasing PII regardless of the storage method after it passes the retention period and in a manner that prevents loss, theft, misuse or unauthorized access.
- Legally compliant techniques or methods to ensure secure deletion or destruction of PII.
Any exceptions to this policy will require written authorization by the DPO. Any exceptions granted will be issued a policy waiver for a defined period of time.
2. PII Retention and Destruction
- NetEnrich data must be retained, stored, handled, and disposed of in compliance with the applicable regulations.
- Each employee must notify NetEnrich Privacy Governance of any record types that should be added to or removed from the schedule.
- Unless a business, legal, or regulatory need has been identified and communicated through NetEnrich Privacy Governance, no discretion on retention period or destruction dates is permitted. Destruction dates will be automatically calculated based on retention requirements on the approved Records Retention Guideline.
- Routine audits should be performed to ensure that requirements of this Policy are met.
- NetEnrich have agreement with cloud services to purged/retain data as per contract.
- NetEnrich shell ensure that information is securely stored on its information system
- NetEnrich shell erase personal data without undue delay where personal data are no longer necessary.
- Once no longer required, employees should safety dispose of documents or media in shredding receptacles
- Media shall be sanitized prior to disposal or release for reuse.
3. Refresh Schedule
All policies and referenced documentation identified in this policy will be subject to review and possible revision annually or upon request by the NetEnrich and Management.
Policy Revision Log:
|Change Date||Version||Change Description||Organization|