February 2021
A fundamental principle of data privacy and security is that information that is not necessary for the business should not be kept. This principle is known as data minimization, and it is meant to protect against unnecessary and disproportionate harm in the event of a security breach. The most common method used to minimize data is to enact and enforce data retention and data deletion policies across an organization.
Data should be deleted when it is no longer needed for authorized purposes. The period of time that information remains necessary for authorized purposes, however, is not standardized across organizations, industries, or operations. Determining the appropriate time period requires an underlying knowledge of the data a company has, how that data is classified (for example, if it includes personal information), how that data is used in the business, and any laws applicable to its retention. The most common means of determining this time period is through the process of developing and documenting data retention policies and schedules.
A data retention policy is a corporate policy that goes beyond statutory legal requirements, and directs operations about which information the company should retain, delete, or retain for a period and then delete. For data that is permitted under policy to be retained for a given period of time and then must be deleted, the retention period is generally documented in a data retention schedule. Both the policy and the schedule should reflect the types of data the company has, the laws applicable to its retention, and the risk position of the company.
There are a variety of methods for deleting data. These methods vary in effectiveness, from simply pressing the Delete button on a personal computer to manual destruction of the media on which the data is stored. The best method of data deletion can be determined based on the type and nature of the data and the risk associated with its exposure.
NetApp does not have a business need for data stored on drives that customers return for support. To the extent possible, customers are instructed to delete, encrypt, or render irrecoverable all data stored on returned media before it is returned, with the exception that warranty returns should not be degaussed as a means of accomplishing this deletion. In some circumstances, customers may not be able to delete the data. In these cases, NetApp follows a process for overwriting data on returned drives and solid-state drives to ensure that no data remains on them. If a returned unit is a field replaceable unit, it will be cleared using an automated process consistent with the NIST SP 800-88 guidelines for media sanitization, before being returned to the OEM or scrapped.
