![Page 1: Effective Data Retention: How To Minimize Your Privacy](https://reader034.vdocuments.net/reader034/viewer/2022042302/625abcdfa8b5fd52847eb581/html5/thumbnails/1.jpg)
Effective Data Retention: How To Minimize Your Privacy Risks And Maintain Regulatory Compliance
![Page 2: Effective Data Retention: How To Minimize Your Privacy](https://reader034.vdocuments.net/reader034/viewer/2022042302/625abcdfa8b5fd52847eb581/html5/thumbnails/2.jpg)
Leader in E-Discovery, Data Inventory, Data Retention, Data Privacy & Cybersecurity
Compliance
Years in Market:
• Exterro 15 +
• Jordan Lawrence 30 +
• 500+ Global Clients
![Page 3: Effective Data Retention: How To Minimize Your Privacy](https://reader034.vdocuments.net/reader034/viewer/2022042302/625abcdfa8b5fd52847eb581/html5/thumbnails/3.jpg)
Legal GRC Platform
D A T A I N V E N T O R Y
INFORMATIONGOVERNANCE
E-DISCOVERYDATAPRIVACY
D A T A A N A L Y S I S
D A T A C O N N E C T O R S
LEGALHOLD
IN-PLACEPRESERVATION
DOCUMENTREVIEW
DATA SUBJECTACCESS
REQUESTS
PRODUCTIONPIA/DPIACONSENTMANAGEMENT
COLLECTIONAND
PROCESSING
IN-PLACEEARLY CASE
ASSESSMENT
EMPLOYEECHANGE
MONITOR
FILEANALYSIS
DATAMAPPING/
INVENTORY
3RD PARTYRISK
PROFILING
INCIDENTAND BREACH
MANAGEMENT
DATARETENTION
POLICYMANAGEMENT
O R C H E S T R A T E D W O R K F L O W
![Page 4: Effective Data Retention: How To Minimize Your Privacy](https://reader034.vdocuments.net/reader034/viewer/2022042302/625abcdfa8b5fd52847eb581/html5/thumbnails/4.jpg)
Panelists
Robert Fowler, CIPP USDirector of Strategic Partnerships
Exterro
Thomas HamiltonChief Privacy Counsel
Boston Scientific
![Page 5: Effective Data Retention: How To Minimize Your Privacy](https://reader034.vdocuments.net/reader034/viewer/2022042302/625abcdfa8b5fd52847eb581/html5/thumbnails/5.jpg)
In this webcast our panel will review…
The passing of CPRA in November
Data retention requirements and what
this means for your organization
How to implement data
minimization strategies
that protect your
company's data and your
organization
![Page 6: Effective Data Retention: How To Minimize Your Privacy](https://reader034.vdocuments.net/reader034/viewer/2022042302/625abcdfa8b5fd52847eb581/html5/thumbnails/6.jpg)
THE CASE FOR DATA DELETION
![Page 7: Effective Data Retention: How To Minimize Your Privacy](https://reader034.vdocuments.net/reader034/viewer/2022042302/625abcdfa8b5fd52847eb581/html5/thumbnails/7.jpg)
LitigationData
Privacy
Data Breach
![Page 8: Effective Data Retention: How To Minimize Your Privacy](https://reader034.vdocuments.net/reader034/viewer/2022042302/625abcdfa8b5fd52847eb581/html5/thumbnails/8.jpg)
It’s the Law
![Page 9: Effective Data Retention: How To Minimize Your Privacy](https://reader034.vdocuments.net/reader034/viewer/2022042302/625abcdfa8b5fd52847eb581/html5/thumbnails/9.jpg)
CCPA 2.0California Privacy Rights Act
[Ballot Initiative]
![Page 10: Effective Data Retention: How To Minimize Your Privacy](https://reader034.vdocuments.net/reader034/viewer/2022042302/625abcdfa8b5fd52847eb581/html5/thumbnails/10.jpg)
Over Retaining Personal Data Is A LIABILITY
75% OF RECORD TYPESWITH PERSONAL DATA ARE OVER RETAINED
![Page 11: Effective Data Retention: How To Minimize Your Privacy](https://reader034.vdocuments.net/reader034/viewer/2022042302/625abcdfa8b5fd52847eb581/html5/thumbnails/11.jpg)
Over Retaining Personal Data is NEGLIGENT
![Page 12: Effective Data Retention: How To Minimize Your Privacy](https://reader034.vdocuments.net/reader034/viewer/2022042302/625abcdfa8b5fd52847eb581/html5/thumbnails/12.jpg)
THE CHALLENGE
![Page 13: Effective Data Retention: How To Minimize Your Privacy](https://reader034.vdocuments.net/reader034/viewer/2022042302/625abcdfa8b5fd52847eb581/html5/thumbnails/13.jpg)
… BUT RETENTION PERIODS
AREN’T DEFINED BY TYPES
OF PERSONAL DATA.
PRIVACY REGULATIONS
REQUIRE DATA RETENTION
& DISPOSITION...
![Page 14: Effective Data Retention: How To Minimize Your Privacy](https://reader034.vdocuments.net/reader034/viewer/2022042302/625abcdfa8b5fd52847eb581/html5/thumbnails/14.jpg)
Retention Regulations Always Based on Context of Collection
RECRUITING RECORDS BENEFITS ENROLLMENT CUSTOMER SERVICE
![Page 15: Effective Data Retention: How To Minimize Your Privacy](https://reader034.vdocuments.net/reader034/viewer/2022042302/625abcdfa8b5fd52847eb581/html5/thumbnails/15.jpg)
How to go from Regulations… To Data?
![Page 16: Effective Data Retention: How To Minimize Your Privacy](https://reader034.vdocuments.net/reader034/viewer/2022042302/625abcdfa8b5fd52847eb581/html5/thumbnails/16.jpg)
DEFENSIBLE DATA DELETION: THE
PROCESS
![Page 17: Effective Data Retention: How To Minimize Your Privacy](https://reader034.vdocuments.net/reader034/viewer/2022042302/625abcdfa8b5fd52847eb581/html5/thumbnails/17.jpg)
The Foundation for Defensible Retention & Deletion
DATAINVENTORY
S T E P 1
RETENTION RULES
S T E P 2
`
ONGOING ENFORCEMENT
S T E P 4
LEVERAGETECHNOLOGY
& PEOPLE
S T E P 3
4 Steps to Defensible Retention
✓ WHAT DATA YOU HAVE
✓ PERSONAL DATA ELEMENTS
✓ WHERE IT EXISTS
✓ WHO YOU SHARE IT WITH
✓ BUSINESS NEEDS
✓ RETENTION REGULATIONS
![Page 18: Effective Data Retention: How To Minimize Your Privacy](https://reader034.vdocuments.net/reader034/viewer/2022042302/625abcdfa8b5fd52847eb581/html5/thumbnails/18.jpg)
Scan Email Web Application
Dependents/Beneficiaries | Employees – Current | Employees – Former | Prospects
Drug Screening RecordsEmployee Document SubmissionsPayroll RecordsBackground Checks
Paper
AUT7 Years
BEL5 Years
NLD5 Years
ITA5 Years
USA7 Years
Benefits | Payroll | Recruiting | EH&S | Training & Development | Employee Relations
BUSINESS PROCESS
HR - ONBOARDING
APPLICABILITY
PERSONAL DATA
COLLECTION
DATA SUBJECTS
APPLICATIONS
DEPARTMENTS
LOCATIONS
THIRD PARTIES
RETENTION
Social Security # | Drivers’ License # | Biometric Identifier | Aptitudes | Bank Routing # | Military Status | Certifications
Laptops File Cabinets
![Page 19: Effective Data Retention: How To Minimize Your Privacy](https://reader034.vdocuments.net/reader034/viewer/2022042302/625abcdfa8b5fd52847eb581/html5/thumbnails/19.jpg)
BUSINESS PROCESS
CUSTOMER SERVICE - CUSTOMER REQUESTS & COMPLAINTS
APPLICABILITY
PERSONAL DATA
Web
Form EmailWeb
ApplicationCOLLECTION
Current Customers | Past CustomersDATA SUBJECTS
APPLICATIONS
Financial Shared Services | Customer Care | Loss Prevention | Marketing
Transportation | IT - eCom | Legal | Service Repair | Strategic Sourcing Technology | Total Rewards | Travel
DEPARTMENTS
LOCATIONS
THIRD PARTIES
RETENTION
LaptopsFile Cabinets
Birth Date | Driver's License Number | Email Address | Family Information First / Last Name |
Gender | Marital Status | Mobile Device / Serial # | Partial SSN Phone Number | Physical Address | Bank Routing Number | Social Security #
Personal Archive
USA10 Years
Phone / Call Center
ElectronicFile
Shared Drives
Customer OrdersCustomer ComplaintsWarranty Information
![Page 20: Effective Data Retention: How To Minimize Your Privacy](https://reader034.vdocuments.net/reader034/viewer/2022042302/625abcdfa8b5fd52847eb581/html5/thumbnails/20.jpg)
HOW DO YOUGET THERE?
![Page 21: Effective Data Retention: How To Minimize Your Privacy](https://reader034.vdocuments.net/reader034/viewer/2022042302/625abcdfa8b5fd52847eb581/html5/thumbnails/21.jpg)
Building an Actionable Data Inventory
1. Identify & Profile Business Processes
2. Link to Record Types
3. Understand Retention Requirements
4. Gain Visibility & Demonstrate Defensibility
5. Address Over-Retention of Personal Data
![Page 22: Effective Data Retention: How To Minimize Your Privacy](https://reader034.vdocuments.net/reader034/viewer/2022042302/625abcdfa8b5fd52847eb581/html5/thumbnails/22.jpg)
Global Retention Considerations
AUT
7
BEL
10
BGR
50
CHE
10
CZE
10
DEU
6
DNK
10
ESP
15
FIN
10
FRA
5
GBR
6
HUN
5
IRL
6
ISL
7
ITA
10
LIE
30
LUX
30
NLD
5
NOR
10
POL
10
PRT
20
ROU
10
SVK
3
SW
10
USA
6
AUT
25
BEL
10
BGR
5
CHE
10
CZE
3
DEU
10
DNK
10
ESP
15
FIN
10
FRA
5
GBR
6
HUN
5
ISL
4
ITA
10
LIE
30
LUX
30
NLD
5
NOR
10
POL
10
PRT
20
ROU
10
SVK
3
SW
3
USA
10
AUT
40
BEL
15
BGR
10
CHE
30
CZE
40
DEU
10
DNK
10
EST
40
FIN
40
FRA
50
GBR
40
HUN
10IRL
40
ISL
40
ITA
40
LIE
10
LUX
10
NLD
15
NOR
60
POL
20
PRT
10
ROU
40
SVK
5
SW
10
USA
5
EST
-
LTU
-
EST
-
LTU
40
Benefit Enrollment & Participation Records
Reported Retention-(9), 0(7), 1(1), 2(3),
5(1), PERM(9)
Employee Medical Records
Reported Retention-(8), 0(4), 1(2), 4(1),
5(5), 7(3), 10(3),
PERM(16)
Employment Equality Compliance Records
Reported Retention-(1), 0(1), 2(1),
PERM(2) EST
3
IRL
6
UKR
6
LVA
-
LVA
40
UKR
-
LTU
10
LVA
10UKR
3
![Page 23: Effective Data Retention: How To Minimize Your Privacy](https://reader034.vdocuments.net/reader034/viewer/2022042302/625abcdfa8b5fd52847eb581/html5/thumbnails/23.jpg)
Five questions to ask your team
1. Can you confidently state you know where all your data is stored?
2. Do you know who owns that data and what certifications (ISO, NIST) apply to it?
3. Do you know what regulations govern the data you have stored and any associated risks?
4. Can you easily and quickly respond to requests for data (DSAR, e-discovery, breach notification, etc.)?
5. Do you know what 3rd Parties have access to your data and what they do with it?
![Page 24: Effective Data Retention: How To Minimize Your Privacy](https://reader034.vdocuments.net/reader034/viewer/2022042302/625abcdfa8b5fd52847eb581/html5/thumbnails/24.jpg)
Q&A with The Panelists
Robert Fowler, CIPP US/GDirector of Strategic Partnerships
Exterro
Thomas HamiltonChief Privacy Counsel
Boston Scientific