Data Policies

Data policies provide a framework for how decisions should be made regarding data.
Data policies are high-level statements and need more detail before they can be used. Each data policy may be supported by one or more data standards.
Data policies are part of your framework for how you govern data.
Types of Data Policy
Privacy Policy
A privacy policy states the ways a party gathers, uses, discloses, and manages data. The policy may include sections for customer, supplier, employee and other third-party data. The privacy policy should state what information is collected, how it will be stored and processed, and how long it will be retained. It will be linked to your other policies, e.g. retention, archiving and deletion / destruction.
Retention Policy
Retention policies state what types of data are held and how long they are held for. Some retention policies will be driven by legislation, for example the need to retain financial accounts.
A retention period is an aspect of records and information management and the records life cycle that identifies the duration of time for which the information should be maintained or "retained," irrespective of format.
Archiving Policy
Archiving is a process of moving data that is no longer actively used to a separate storage device for long-term retention.
Deletion / Destruction Policy
This will include how data will be destroyed for different data formats.
Paper records - cross cut shredding, burning.
CDs - shredding media
Hard Drives - wiping and destruction methods
Solid state drives - crypto shredding and erasure methods. Many government and industry standards exist for software-based overwriting to remove the data.
Storage Policy
The data storage policy states how to control and manage data within the organisation.
It will state where data is stored and in what formats.
Data Classification Policy
These policies determine how to classify data and what classifications to use. There may be multiple classifications and associated document markings to control access to and distribution of data. The classification policy will have strong links to the metadata policy, as the classifications will be metadata categories in their own right, and some types of metadata may be required in order to create and execute rules based on the data classification.
Metadata Policy
There are three main categories of Metadata.
Structural
Structural metadata refers to how data is formatted and assembled.
Structural metadata is how data is built.
Descriptive
Descriptive metadata is how data is identified. This includes things such as a title, date or keywords.
Administrative
Administrative metadata gives important instructions about a file. It states what restrictions are to be placed on the file, such as who can and cannot access it. Data marking and classification policies are a good example of this.
Metadata policies define how the metadata in these groups are used and how.