How to Responsibly Maintain, Retain, (or even Destroy!) M&E Data
Wrapping up the last stage of responsible data governance according to our guiding framework, is stage 7! This stage emphasises the importance of managing personal and sensitive data from the ‘birth’ of data (during collection) to its ‘death’ (when we aggregate it, anonymise it, or delete it).
A principal way to minimise the risk of data misuse is to minimise the amount of data that is collected, and to formulate a clear plan for how data will be maintained, retained, or destroyed. This may include steps to anonymise data, periodic data aggregation, or destruction of data after a particular point where it is no longer needed.
Data retention policies should reflect the fundamental principle of ‘data minimisation’, meaning that only data which is required for specific purpose is captured; data is kept for as short a period as necessary; and data is kept as securely as possible at all times.
Data minimisation is a core principle of most data privacy regulations.
Guidelines for developing and implementing a data retention policy
A data retention policy is based on the diverse types or categories of data that are being collected, how long each kind of data should be stored, and when and how it should be anonymised or deleted.
To formulate a data retention policy, review the agreements with other entities (donors, partners, ethical committee) and any local laws that set terms for the retention of data or records.
Review how long you need to retain various kinds of personal, sensitive, and sensitive non-personal data and establish a reasonable timeframe for keeping raw data, anonymising or aggregating it, and/or deleting it. Once data is fully anonymised (meaning individuals cannot be identified in it), aggregated (meaning it’s analyzed at a level that doesn’t allow for individuals to be identified or for specific communities to be put at risk), it’s usually exempt from data privacy laws and safe to keep. For example, raw household level survey data with individual names and locations is subject to data laws and also riskier to keep than data that is analyzed at a district level or higher.
It is important to remember to consider this for any datasets that are stored in cloud services like KoBo Toolbox or Survey CTO, and to have a schedule for destroying paper-based surveys and other hard-copy data.
For example:
- If you are doing longitudinal qualitative analysis, it might be prudent to keep data in its original form for a decade or more, or even in perpetuity if the data is historical data.
- You might keep contact information of survey respondents for a 3-year evaluation for a total of 5 years in case you need to return to them for a project evaluation.
- If you are collecting quantitative data, it should be aggregated quickly and the raw files destroyed once quality checks have been completed.
- If you are doing web analytics, you might only need detailed data for a week or only need data in aggregate form.
- You might have to retain some personal data for audit requirements from a grantor or partner that requires data to be kept for a specific period.
See tip sheet 9 on developing a data retention policy
See our previous blog posts on: Responsible Data Management for M&E: Stage 1 – Design and Planning , How to responsibly collect or acquire data for M&E, How to Responsibly Transmit and Store M&E Data, How to responsibly Clean, Analyse and Use Data, How to responsibly open data and use data, and How to visualise and communicate M&E data, to keep up with the discussion, or learn more from the report.