Data Retention Timeline
Hello TSIA Community!
From a Support Services/IT perspective, I'm hoping to get some insight into data retention timelines. I think "case" or "ticket" data should be kept for a minimum of 5 years prior to removal but curious what other timelines people use. I believe that setting a timeframe is good, both from a cost perspective (due to data and search indexing costs) and a knowledge management perspective (moving answers to articles and more relevant searching).
Curious to know if there are others with stricter or looser data retention practices, recommendations, and pros and cons.
Thank you in advance!
Chris
Best Answer
-
My default position is to keep data for as long as possible and use it to identify long-term patterns. Storing data is cheap. Finding it and getting meaning out of it is much more expensive.
We generally keep data for seven years, but on certain applications the logs cover all use form the time the app was spun up.
There is a different point of view inside Ibbaka though. Some people believe that we should only keep data if we have an identified need or legal obligation and that the default should be to purge. This is seen as (i) good security practice and (ii) good hygiene.
This is an ongoing debate internally and I am curious as to what others believe.
My wife and I ae pack racks and we have a lot of books, cloth, old children's toys ... around the house. Sometimes all this stuff is a burden. Sometimes it is gifted to our grandchildren. And occasionally it gets reused as art. There is a deep personality style at play here.
3
Answers
-
There are many factors to consider. In terms of storage, it really can get out of hand depending on the case types. For instance, if it includes attached audio files, images and screen flow videos to troubleshoot issues, that can add up quickly.
When data storage expense is an issue, applying a segmentation strategy can be helpful. For low profile, low risk cases of existing accounts do X (For closed accounts Y). Based on the risk profile (was there an escalation issue for high profile users/accounts), long-term storage may be required to mitigate risk. @Jeremy Dalletezze and @Sara Johnson anything to add here? @Alexander Ziegler what’s your perspective for storing user and/or support case data?
1 -
I think I can add the European perspective @Patrick Carmitchel , and the biggest influence factor is GDPR (and I understood even in the US various states started to implement similar rules as the European GDPR, so the European rules are probably the most important ones to understand).
GDPR has four rules that apply to our discussion: 1) only necessary data should be stored 2) everybody can request to get a report of all data that is stored (I think it is 8-12 weeks companies have to provide the data) 3) everybody can request all data to be deleted once the customer relationship is over (again: 8-12 weeks to accomplish) 4) legal contractual times (e.g. times required in a country to store a contract or invoice etc) are not affected, that means they are treated as part of 1) and you must keep the necessary documentation).
In summary, this means: once the contractual relationship is over, all support data that has any personal information (voice/video/names/phone numbers ...) need to get deleted (removing all personal data could be a solution). And there is the right that everybody can request all stored data. This may sound complex, and I have doubts, that somebody would request all stored support information. But it is clear it can be requested that all get deleted.
1 -
The SR itself lives forever, the attached data files/uploads, however, are deleted a few days after closure.
1