Secure data should have an agreed life cycle. This will be set by a data authority when working in a commercial context, and it will dictate what state the data should be in at any given point during that life cycle. For example, a particular dataset may be labeled as sensitive - requires encryption for the first year of its life, followed by private - no encryption, and finally, disposal. The lengths of time and the rules applied will entirely depend upon the organization and the data itself - some data expires after just a few days, some after fifty years. The life cycle ensures that everyone knows exactly how the data should be treated, and it also ensures that older data is not needlessly taking up valuable disk space or breaching any data protection laws.
The correct disposal of data from secure systems is perhaps one of the most mis-understood areas of data security. Interestingly, it doesn't always involve a complete and/or destructive removal process. Examples where no action is required include:
As opposed to the examples where some effort is required, leading to the potential for mistakes to be made:
When you secure your data, start thinking about your disposal strategy. Even if you are not made aware of any organizational rules in existence (in a commercial environment), you should still be thinking about how you are going to make sure the data is unrecoverable when access is no longer required.
3.144.31.163