Building a foundation of trust through robust security.
Fundamental principles of privacy and data security state that information that is not necessary for the business should not be kept. This principle is known as data minimization, and it is designed to protect against unnecessary and disproportionate harm in the event of a breach. The most common method used to minimize data is to enact and enforce data retention and deletion policies across an organization.
Data should be deleted when it is no longer needed for authorized purposes. The period of time that information remains necessary for authorized purposes, however, is not standardized across organizations, industries, or operations. Determining the appropriate time period requires an underlying knowledge of the data a company has, how that data is classified—for example, if it includes personal information— how that data is used in the business, and any laws applicable to its retention. The most common means of determining this time period is through the process of developing and documenting data retention policies and schedules.
A data retention policy is a corporate policy that goes beyond statutory legal requirements and directs operations on which information the company should retain, delete, or retain for a period and then delete. For data that is permitted under policy to be retained for a given period of time and then must be deleted, the retention period is generally documented in a data retention schedule. Both the policy and the schedule should reflect the types of data the company has, the laws applicable to its retention, and the risk position of the company.
There are a variety of options available for the purpose of deleting data. These vary in effectiveness, from merely hitting the ‘delete’ button on a personal computer to manual destruction of the media on which the data is stored. The method of deletion can be determined based on the type and nature of the data in question and the risk associated with its exposure.
NetApp recognizes that it does not have a business need for data stored on drives that customers return for support. To the extent possible, customers are instructed to delete, encrypt, or render irrecoverable all data stored on returned media before it is returned, with the exception that warranty returns should not be degaussed as a means of accomplishing this. In limited circumstances, customers may be unable to do this. In these cases, NetApp follows a return overwrite process designed to ensure that no data remains on returned hard drives and solid state drives. If a returned unit is a field replaceable unit, the returned unit will be cleared using an automated process consistent with the NIST 800-88 guidelines for media sanitization, before being returned to the OEM or scrapped. For more information, refer to the NetApp support page on the RMA process.