You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 6 Next »

Document Name: NCSA Data Retention Policy
Version: 0.2
Accountable: Adam Slagell
Authors: Adam Slagell
Approved:   

Scope

This data retention policy covers all systems operated by the Integrated Cyber-Infrastructure directorate at the NCSA. More specific system data retention policies and contracts/agreements can supplant this default policy. 

Data Types

There are 5 major types of data ICI is responsible for at NCSA: Staff, User, Project, Log, Temporary, & Business data. 

Staff Data

Staff data are information on systems operated by ICI which they are given by virtue of being a staff member or sponsored guest at the NCSA. Examples include AFS home directories, laptop/workstation backups, user space on the file server, personal spaces on the wiki, and list archives for lists that staff person owns.

User Data

User data are information on systems operated by ITI which are given by virtue of having an allocation on an NCSA operated system. Examples include home directories on HPCs, personal directories on storage services, and other storage that is given to users who are not necessarily sponsored guests or staff.

Project Data

Project data are information on systems operated by ITI which are shared by a project and should persist beyond any one person leaving that project. Examples include web server spaces in AFS, project spaces on HPCs or data services, group or project folders on the file server, project wiki spaces, and project email list archives.

Logs & Accounting Data

Logs and accounting data are metadata generated by systems operated by ICI to assist in the maintenance, operation, and accounting of those systems. These include system and network logs, allocation usage, security alerts, failure notices, and more.

Temporary Data

Temporary data can be generated or created by users in special folders for the express purpose of short term use. Examples include scratch spaces on HPCs, temporary and swap folders used by operating systems, and data staging areas used to transfer data to another system or person.

Business Data

Business data are financial, contract, personnel or other data required by the administrative staff at NCSA to do their daily job. This data may rest on endpoints managed by ICI, or ICI managed file servers, wikis, or backups. Business data sitting on non-NCSA University systems are not considered here.

Retention Policies

These timelines are not a promise to cleanup data that may be older, but only a commitment to how long we minimally retain such data. It is important to note data life span can be cut short by retirement or failure of the system hosting it. It is not a promise to backup any data elsewhere, either.

Staff Data

Staff data is retained for 180 days after employment ends, unless they are made a sponsored guest. Sponsored guest must be reaffirmed annually.

User data on allocated systems will remain as long as they have an active allocation on the relevant systems.

User Data

User data remains 90 days after the user has no allocation on the relevant systems. The user may no longer have access to the system, in which case NCSA staff can help them retrieve it until expiration.

Project Data

Project data is retained for one year after the end of a project, typically the end of its funding or retirement of its resources.

Logs & Accounting Data

System and network logs are retained for one year, unless they are a part of an incident investigation in which case they are held indefinitely. Accounting and user profile data in the IRG databases are never deleted.

Temporary Data

Temporary data are only kept for 48 hours by default, and may be cleaned up automatically after that time.

Business Data

Business data are kept as long as required by law or University policy, and this differs for each kind of contract, personal and financial data. ICI works with the administrative unit to support their requirements for data retention.

Privacy

  • Respect UIUC policies
  • Logs are not protected unless, special policy
    • e.g., keystroke data
  • User data permission needed
  • Staff
    • No expectation of private data
    • Manager & HR together decides
  • Project data
    • PI has access

Exceptions

  • Who approves?
  • How is it tracked?

 

 

 

 

 

 

  • No labels