Purpose
The purpose of this document is to ensure the company’s guidelines for retaining different types of data.
Scope
This policy applies to all employees, contractors, subcontractors, consultants, temporaries, guests, and any third party that uses eOne Solutions information assets or information resources and services.
Policy
Reasons for Data Retention
- Litigation
- Regulatory compliance requirements
- Data owner requirement
- Security incident investigation
Retention Requirements
- Operational data can be retained for 1 year
- Confidential data must be retained as long as the information is needed. Its purpose defines the period of retention for this type of data
- Critical data including Tax and VAT: critical data must be retained permanently
- Personal employee data: general employee data will be held for the duration of employment and then for 3 years after the last day of contractual employment. Employee contracts, Candidate CV, Job offer letter, and Onboarding lists will be held for 3 years after the last day of contractual employment
- Contracts with the clients (NDA, MSA, SoW) must be retained permanently
- Bank account documentation must be retained permanently
- Payrolls must be retained for 10 years
- Electronic systems logs are retained for 90 days.
Data Destruction
eOne Solutions responsibility is to perform proper data destruction techniques upon the expiration of the time frame specified above.
Disposal of Information Technology Assets
IT assets, such as network servers and routers, often contain sensitive data about the company’s network communications. When such assets are decommissioned, the following guidelines must be followed:
- Any asset tags or stickers that identify the company must be removed before disposal.
- Any configuration information must be removed by deletion or, if applicable, resetting the device to factory defaults.
- At a minimum, data wiping must be used. Simply reformatting a drive or deleting data does not make methods for data wiping. Alternatively, the company has the option of physically deleting the data unrecoverable.
eOne Solutions explicitly directs users not to destroy data in violation of this policy. Particularly forbidden is destroying data that a user may feel is harmful to themself or destroying data to cover up a breach of law or company policy.
Data Retention and Data Destruction procedure
The review of eOne Solutions terminated contracts for ensuring that all client data was securely purged conducted once a year.
The review of client information for identifying any information that has exceeded its retention period conducted once a year. There are two types of data retention review procedures:
- Customer data retention review. The project manager can agree on what customer’s data should be destroyed due to the terminated contract. Then the Security Engineer is responsible for assigning the task to purge all related data when IT Operations are accountable for executing the request and engaging other departments if needed.
- Employee data retention review. HR is responsible for the procedure implementation.
Disciplinary actions
Employees who violate this policy may face disciplinary consequences in proportion to their violation. Management will determine how severe an employee’s offense is and take the appropriate action.
Change, Review, and Update
This policy shall be reviewed once every year unless the owner considers an earlier review necessary to ensure that the policy remains current. Changes to this policy shall be exclusively performed by the Information Security Manager and approved by the IT Committee.
Responsibility
This is the responsibility of the Information Security Manager to maintain and make sure everyone is aware of this policy.
Revisions
- 19 September 2024
- This policy will be reviewed for continued completeness, relevance, and accuracy at yearly intervals or less.
Need to contact us?
If there are any questions regarding this Data Retention and Destruction Policy, you may contact us using the information below.
4170 41st Avenue South, Suite 101
Fargo, ND 58104
USA
+1 888-319-3663