Chapter 4: Information Management and Privacy Risk Management

The Data Life Cycle

Data should be managed across its life cycle - creation, storage, sharing and usage, archival, and deletion - because privacy-protecting approaches at one stage may not fit another, and legal requirements can attach at different stages.

Data creation
Data storage
Data sharing and usage
Data archival
Data deletion

Approaches that protect privacy at one stage may not be appropriate at another, and legal requirements can attach at different points. For example, numerous states have data destruction laws (Chapter 7) that mandate requirements at the last stage - deletion.

Order the stages

Create -> Store -> Share/Use -> Archive -> Delete. Retention and destruction obligations live at the end of this chain.

Key terms - quick answers

What is “Data life cycle”?

The stages data moves through: creation, storage, sharing and usage, archival, and deletion.

What is “Data destruction laws”?

State laws (discussed in Chapter 7) that mandate requirements in the deletion stage of the data life cycle.

← Privacy Team Roles - CPO, DPO, and Others Data Inventory and Data Classification →