Perl Street Data Management and Retention Policy

Overview  

This policy details the protocols and measures that Perl Street, Inc. employs to oversee the  entire data lifecycle, from the point of creation or acquisition through to retention and eventual  deletion.  

Policy Statements  

  1. 1. At the point of creation or acquisition, data should be added to the data inventory and  categorized following the data classification model.  
  2. 2. A data inventory outlining all critical data and its classifications shall be maintained and  reviewed at least annually.  
  3. 3. All data, regardless of classification, shall be handled according to any privacy  regulation that may apply to it.  
  4. 4. Customer data must be retained according to the data retention policy, and securely  deleted once there is no business, legal, or regulatory need for it.  
  5. 5. All data backups must be tested at least annually for integrity.  
  6. 6. Unless otherwise dictated by the data classification requirements, particular  regulations, or a contractual agreement, all security documents and audit logs are  maintained as a standard for at least 5 years. 

Data Classification Model

Data Classification Level
Description
Examples
Handling Requirements
Public
Data intended for public dissemination
Marketing materials, public website content, pricing information
No special handling required, freely distributable
Confidential
Data sensitive to business operations or personal information of individuals.
Internal memos, business contracts, financial statements and reports, customer names, email addresses
Restricted to specific personnel, Encryption recommended when stored or transmitted, must comply with privacy regulations
Secret
Data that would severely harm the business if breached
Source code, Data base credentials, proprietary algorithms
Very restricted access, MFA required, Regular audits and reviews

Data Retention  

All customer data is retained indefinitely so long as the customer account is in good standing.  Should the customer account need to be terminated for any reason, data will be retained for at  least 30 days, in order to allow the customer to bring their account back into good standing.  

Data Deletion  

Customers can request to have their data deleted by emailing team@perlstreet.com. Once the  data deletion request has been received, all customer data that the Company does not have a  legal or business obligation to retain will be deleted within 30 days.