How long should organisations keep data for?
The Data Protection Act says that information should be kept for no longer than is necessary. The Act does not specify what a ‘necessary’ period should be for particular information. Each case would be considered on its own merits. If an organisation is obliged to retain data for a given length of time under any other laws, this should be taken into consideration. For example, financial institutes may have to keep some information for up to six years in accordance with the Financial Services Authority regulations. A sole trader, however, may not need to keep information for longer than a month.
Related Questions
- With NSDI in the background, are there security issues involved in sharing data with civilian agencies/organisations?
- How was data collected by organisations (e.g. governments & businesses) before modern technology?
- Where can I find data about number of volunteer involving organisations and charities?
