Data Retention

Organizations should adhere to a "retention as long as necessary" principle. Holding onto data longer than required for its intended purpose increases security risks and may violate privacy regulations.