What does NOT need to be considered when determining the retention schedule for sensitive personal data?
What does NOT need to be considered when determining the retention schedule for sensitive personal data?
When determining the retention schedule for sensitive personal data, considerations typically include business needs, the amount of data, and regulatory requirements, as these factors influence how long data should be retained to meet operational goals and legal obligations. Storage capacity, on the other hand, is more of a logistical concern rather than a determinant for how long data should be kept. It primarily affects how data is managed physically rather than the legal or business rationale for its retention schedule.
Storage capacity relates to the technical aspect of data management and does not directly impact the determination of retention schedules for sensitive personal data. However, the other options listed—business needs, amount of data, and regulatory requirements—are crucial factors to consider in establishing retention schedules for sensitive personal data
1. The first consideration for data retention is always regulatory compliance (Regulatory requirements) 2. Organizational need with justification in the policy 3. Amount of data -not too much of something or not too little-Goldilocks