A financial institution is implementing a data retention policy to comply with regulatory requirements. The policy must ensure that transaction records are retained for 7 years and then securely destroyed. Which of the following is the BEST approach to implement this policy?
Trap 1: Encrypt all records and destroy the encryption keys after 7 years
Encryption and key destruction can be effective, but they do not ensure complete destruction if keys are backed up or if data is still recoverable through other means.
Trap 2: Move records to a separate archive and delete the directory pointers
Deleting pointers does not remove the underlying data, which may still be recoverable.
Trap 3: Manually review and delete records after 7 years
Manual review is error-prone and inefficient for large volumes.
- A
Encrypt all records and destroy the encryption keys after 7 years
Why wrong: Encryption and key destruction can be effective, but they do not ensure complete destruction if keys are backed up or if data is still recoverable through other means.
- B
Automatically purge records using a data management tool that overwrites data after the retention period
Automated purging ensures consistent and timely destruction, reducing human error and ensuring compliance.
- C
Move records to a separate archive and delete the directory pointers
Why wrong: Deleting pointers does not remove the underlying data, which may still be recoverable.
- D
Manually review and delete records after 7 years
Why wrong: Manual review is error-prone and inefficient for large volumes.