Can you imagine the amount of data different companies have collected about you over the years? Every move you make on the internet leaves traces, which can put you at risk. Since data breaches happen every day, data retention policies have become an integral part of any organization. But what do they protect: customers or enterprises?
Jul 28, 2021 · 4 min read
Data retention is a process of storing and managing data for a certain period of time. Let’s say you bought a pair of sneakers online. The seller has your name, email, home address, telephone number, purchase history, and login credentials. They can retain that information for a long time after your purchase. And while this data might seem trivial, if it leaked online it could be enough for hackers to launch a social engineering or phishing attack against you.
In 2020, a startling 37 billion records were exposed online, compared to 15 billion in 2019. A big chunk of breached records ended up for sale on the dark web. Stolen databases are very popular among criminals and you can expect to pay anything from a couple of bucks to thousands of dollars for a single database.
A data breach is a nightmare for any company, as it can cause revenue losses, a damaged reputation, and hefty fines.
Data retention policies define how customer data should be managed and which records should be kept. And yet many companies fail to protect users’ data or store it properly.
According to GDPR (General Data Protection Regulation), a regulation in the EU on data protection, data should be kept “no longer than necessary”. Since it doesn’t specify a retention period, companies can interpret GDPR however they like.
Many data breaches contain old records that should’ve been deleted years ago. Since people don’t change their telephone number and address frequently, 10-year old data can still be useful to hackers.
Under HIPAA (Health Insurance Portability and Accountability Act), healthcare-related documents in the US can be kept for six years after their creation. If a document was created in 2021, it could be stored until 2027.
When a company stores your data, you have to depend on their ability to keep it safe. Even tech giants like Facebook fail to protect their users’ data and frequently suffer breaches. What threats does your data face?
It’s impossible to avoid sharing your information with companies if you want to use their services, but you can still act smart. Never share more information than you need to, dedicate a separate email to creating accounts, and don’t duplicate the same password.
It’s hard to find a person whose details have never been exposed in a data breach. Want to know if you’ve been affected? You can check the Have I been pwned website and see for yourself.
One of the best tools to enhance your privacy is a VPN. It encrypts your internet traffic and hides your IP address, so nobody can snoop on your browsing data. NordVPN has more than 5200 servers in 59 countries, designed to address your security needs.
The NordVPN app is easy to navigate, so you can connect to the fastest server available with one click. With a single account, you can protect up to six different devices: laptops, smartphones, tablets, routers, and more.