Growing up we had a ‘store room’. It was a magical place full of various jams, wines, empty jars & plastic tubs, flour, sugar, canned fruit, and many things I no longer remember. No windows and a light on a pull string rather than a switch. It had a certain smell to it as well, distinct from other rooms in our house. In addition to the food and jars for next year’s food, it was the home of ‘things that might be useful one day’. Some things actually were, but most wasn’t.
Most homes have such a place. Perhaps not a room, but a cupboard or drawer. Or perhaps more than one. Things we keep, which would be better served to be recycled or discarded.
We often take a similar approach to data about people. We keep it. And we store in hard drives and servers in rooms that have a distinct smell to them. Part of our brain knows we would be better off deleting it, but the other part says it might be useful one day.
Some of the things we kept in the store room were useful. As a kid it was a bit of a treasure trove. The difference between the physical world of the store room and the digital world of data is that our store wasn’t full of personal things. Data has a long tail. It stays around for a long time and leaves little crumbs behind on its travels. And now we are able to connect those crumbs with other ones and use them for harm.
Just like it was hard for us to throw out potentially useful things, deleting data after the purpose for which it was collected is fulfilled is one of the hardest actions to execute in data governance. Important actions often are.
The choice is up to us.