Perl Street Data Management and Retention Policy
Overview
This policy details the protocols and measures that Perl Street, Inc. employs to oversee the entire data lifecycle, from the point of creation or acquisition through to retention and eventual deletion.
Policy Statements
- 1. At the point of creation or acquisition, data should be added to the data inventory and categorized following the data classification model.
- 2. A data inventory outlining all critical data and its classifications shall be maintained and reviewed at least annually.
- 3. All data, regardless of classification, shall be handled according to any privacy regulation that may apply to it.
- 4. Customer data must be retained according to the data retention policy, and securely deleted once there is no business, legal, or regulatory need for it.
- 5. All data backups must be tested at least annually for integrity.
- 6. Unless otherwise dictated by the data classification requirements, particular regulations, or a contractual agreement, all security documents and audit logs are maintained as a standard for at least 5 years.
Data Classification Model
Data Classification Level
Description
Examples
Handling Requirements
Public
Data intended for public dissemination
Marketing materials, public website content, pricing information
No special handling required, freely distributable
Confidential
Data sensitive to business operations or personal information of individuals.
Internal memos, business contracts, financial statements and reports, customer names, email addresses
Restricted to specific personnel, Encryption recommended when stored or transmitted, must comply with privacy regulations
Secret
Data that would severely harm the business if breached
Source code, Data base credentials, proprietary algorithms
Very restricted access, MFA required, Regular audits and reviews
Data Retention
All customer data is retained indefinitely so long as the customer account is in good standing. Should the customer account need to be terminated for any reason, data will be retained for at least 30 days, in order to allow the customer to bring their account back into good standing.
Data Deletion
Customers can request to have their data deleted by emailing team@perlstreet.com. Once the data deletion request has been received, all customer data that the Company does not have a legal or business obligation to retain will be deleted within 30 days.