Data retention policy
Retention Standards
● Each business area is responsible for the information it creates, uses, stores,
processes and destroys, according to the requirements of this policy. The
responsible business is considered to be the information owner.
● The organization’s legal counsel may issue a litigation hold to request that
information relating to potential or actual litigation, arbitration or other claims,
demands, disputes or regulatory action be retained in accordance with
instructions from the legal counsel.
● Information used in the development, staging, and testing of systems shall not
be retained beyond their active use period or copied into production or live
environments.
● Information owners must enforce the retention, archiving and destruction of
information, and communicate these periods to relevant parties.
Retention ‘Active Use’
● ‘Active use’ is defined as secured storage of information such that the
information is generally accessible by authorized users in the ordinary course
of business.
● By default, the retention period of customer content data, who have monthly
subscriptions shall be in an ‘active use’ period for the life of customer
subscription plus thirty (30) days.
● By default, the retention period of customer content data, who have annual
subscriptions shall be in an ‘active use’ period for the life of customer
subscription plus six months.
● The retention period for customer logs shall be 365 days.
● All corporate data shall be in an ‘active use’ period of at least seven years from
its creation.
● After the active use period of information is over in accordance with this policy
and/or its approved exceptions, information shall be archived for a defined
period. Once the defined archive period is over, the information must be
destroyed.
Data archiving and removal policy
Retention Archiving
Archiving is defined as secured storage of information such that the information is
rendered inaccessible by authorized users in the ordinary course of business but can
be retrieved by an administrator designated by company management. Electronic
records must be archived with strict access controls set by the information owner and
appropriate to secure the confidentiality, integrity and accessibility of the information.
● The default archiving period of customer content data shall be 60 days.
● The default archiving period of corporate information shall be 7 years unless an
approved exception permits a longer or shorter period. Exceptions must be
requested by the information owner.
o As a guideline, an archiving period of more than 7 years may be granted
for information with a vital historical purpose such as corporate records,
contracts, and technical/trade secrets.
o As a guideline, an archiving period of less than 7 years may be granted
for information with a limited business purpose such as email, travel
itineraries, pre-trip advisories, or to comply with specific legal,
contractual and/or regulatory requirements (e.g., PCI DSS, GDPR, etc.)
Information Destruction
● Information must be destroyed at the end of the elapsed archiving period.
● All archived customer content data is overwritten once it reaches the end of its
archival period.
● Storage devices are decommissioned by the organization’s hosting
environment provider using the guidelines in NIST 808-88. This includes any
data found on each storage device.
Data storage policy
Data Backup - Sensitive Data (which includes Restricted and Confidential Data).
● Data is stored on Amazon Web Services S3 and RDS.
o S3 contains all files containing media and image.
o RDS contains structured data.
● Backups shall be stored redundantly on across three physically isolated and
resource independent locations to ensure high availability.
● Data Backups shall be performed daily.
o Tests shall be performed nightly with full automation and monitoring to
ensure backups are in a restorable state. Alerts must be system
generated. Engineering monitors the system alerts and resolves any
issues in a timely manner.
Data Backup - Removable Media
● Confidential Data shall not be stored on removable media.
● Restricted Data may be stored on removable media with approval from
Management. The owner of the removable media, where practical, must
ensure that an alternate or backup copy of the information located on the
device exists.
App/service has sub-processors
yes
Guidelines for sub-processors