Purpose
This Personally Identifiable Information (PII) Retention and Destruction Policy is defined to manage and govern the complete life-cycle of PII.
Scope
This policy applies to all kinds of data that can be categorized as Personally Identifiable Information (PII). This data could be the data of Event Hub employees, customers, contractors, vendors, and other relevant stakeholders. It covers all kinds of storage media, including but not limited to cloud, remote storage, on-premises storage, and paper-based records.
Terms and Definitions
Personally Identifiable Information (PII)
Any information about an individual maintained by an agency, including
(1) any information that can be used to distinguish or trace an individual's identity, such as name, social security number, date and place of birth, mother's maiden name, or biometric records; and
(2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information.
Policy
Periodic Health and Sanity Checks
Storage media should be properly checked for any unidentified software, malware, or middleware to ensure the security and privacy of data.
Proper sanity checks and audits should be performed to verify that the growth rate of the data, and the different transactions performed on it, remain consistent with expected behavior.
Logs Monitoring
Proper log monitoring tools should be deployed on any data storage (offline or online).
These logs should be monitored on a regular basis and, where applicable, alerting rules should be applied to inform the respective stakeholders of any abnormal behavior.
Logging should cover all actors, including users, systems, and any third-party integration adapters.
Access Control
A proper Role-Based Access Control (RBAC) mechanism should be implemented and controlled in line with the Access Management Policy.
Any access granted to users, systems, and third-party API users should also follow the guiding principles defined in the Access Management Policy.
Direct access to any database or data entity should not be provided to any third-party application; only application-to-application communication should be allowed.
Contracts and Legality
Proper contracts and NDAs should be signed with the service provider (whether cloud or on-premises).
In case of any breach by the data hosting service provider, proper legal action should be taken in line with the relevant rules and laws.
Disaster Recovery
In addition to following the Business Continuity Policy, Event Hub must also ensure that the Storage Service Provider has the capability to secure and recover data in case of any mishap at the media level.
Encryption
Whenever necessary, sensitive data, including passwords and any security keys, should be encrypted.
Security
Physical security covers physical access to data centers and related facilities.
Remote security covers the security of software and databases accessed through any online or offline access medium.
Data Retention Duration
Any change in the data retention duration (or time window) should not be applied without prior approval from the respective stakeholders.
Data retention duration should only be changed with prior approval obtained through a pre-defined process.
Removal of Data
Data that exceeds the maximum retention period should be removed properly, without any impact on existing data or system behavior.
It should be ensured that a properly tested script, program, or tool is used for removal, where applicable.
When a tool or automated method is used, data may be removed in error. It must be ensured that a proper mechanism exists to restore any data that was not supposed to be removed.
Related Policies
Access Management Policy
Security Management Policy
Incident Management Policy
Data Management Procedure