Earlier this week, the Federal Court of Canada issued its ruling that Canada’s domestic spy agency, CSIS, is only permitted to retain information “to the extent that it is strictly necessary”. The Court criticized CSIS for illegally retaining information and data that should have been destroyed because it was unrelated to threats to the security of Canada.
Typically organizations fear destroying data, adopting a ‘keep everything’ approach in case the information might be useful at some point in the future. The Court stated, however, that the future use argument does not apply to “[n]on-target and non-threat information collected due to a coincidence of time and events”.
This decision is just one more example of why organizations should not retain information longer than necessary. Courts endorse defensible destruction, and good information governance includes defensible disposition policies.