Why Your Agency Needs a Data Purge Policy

Creating a data purge policy can be an essential part of your agency’s spring-cleaning process. A data purge policy should help keep your data organized, relevant, and compliant with current regulations.

Here are some key steps and things to know when creating a data purge policy:

1. Identify what data needs to be purged.
   Start by identifying the types of data your agency collects, processes, and stores. This could include customer information, policy details, financial data, and more. For example, “old” customer data, expired contracts, or marketing materials.
2. Understand how and where the information is stored.
   It will be extra helpful and important if data is entered and stored the same way. The length of time you need to retain data may be determined by regulatory requirements, legal obligations, or business needs. Create a retention schedule that outlines how long each type of data will be kept before it is purged. This is essential for helping you understand what risks there are – including problems with where the information is stored, who has access to it, and other factors that could be a challenge.
3. Define retention periods.
   Determine how long you need to retain each type of data before it can be purged. This can be determined by legal requirements, business needs, or industry regulations. Establish a process for securely deleting the data. Use your technology solutions, such as your agency management system, for some of the data destruction or contracting with a third-party service provider to securely dispose of the data.
   • This could vary by the type of data or policy type.
   • Review your Department of Insurance website for your state guidelines.
4. Establish a procedure for purging data.
   Create a process for purging data that outlines who is responsible for identifying and purging data. Make sure to:
   • Identify how the data will be purged.
   • Identify how the purging process will be documented.
   • Communicate the policy to all relevant employees to make sure everyone is clear on their responsibilities and understands the process.
   • Train staff on the data purge policy. It is important to train all staff members who handle sensitive information on the data purge policy to ensure they are aware of the process and understand how to implement it correctly.
   • Ensure compliance: Make sure your policy is compliant with relevant data protection regulations, such as GDPR (General Data Protection Regulations or CCPA (California Consumer Privacy Act).
5. Manage and monitor compliance.
   Regularly review the data purge policy to ensure that it is being followed correctly. This may involve auditing data storage systems or reviewing reports generated by third-party service providers.
6. Document the policy.
   Document the data purge policy in writing and make it accessible to all staff members. Include details about the types of data that need to be purged, the retention schedule, and the process for purging data.

Final thoughts:

• Make sure your agency procedures and workflows are kept current and address what and how account data is documented and stored. Your procedures and workflows should not just consist of “how to” do a task.
• Answer the following questions to help you document and define your policy:
  1. Why exactly are we archiving this data instead of just deleting it?
  2. Why are we saving all this data?
  3. Is the financial gain of deleting this information greater than encrypting it?
• Regularly review and update your data purge policy to ensure it remains relevant and effective.
• Use the technology tools built into your systems to assist with purging and documenting the data purge.