Mobile app data privacy - Length of record retention in a software app

S

snoopy2017

Retired
#1
#1
Hi everyone,

For how long should customers' data be stored or the length of record retention in a software app, for example, after the license has lapsed. Do customers always have access to their data or is this data destroyed after a certain amount of retention time? Thanks!
 
M

mihzago

Quite Involved in Discussions
#2
#2
That depends on the type of data and locality. If, for example, you're in the US and the data stored on the app is ePHI, then "HIPAA requires that business associates and covered entities retain the following for at least six years from creation date or last effective date, whichever happens to be later". Some states, for example Massachusetts, have even longer retention periods of 7 years.
In other jurisdictions (e.g. Canada, EU), there is no specified period, so you have to define it on your own considering the requirement that the "Personal Information shall only be retained as long as necessary for the fulfillment of those purposes behind data processing."

Make sure you document the retention time and the justification in your procedures, and explain how you handle access and retention in terms of use or contracts with your customers.
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
S In a risk analysis, how can we tie mobile app security breach to ISO 14971? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 3
S Medical device mobile app UDI - Where is the UDI labelled? Other US Medical Device Regulations 1
E Wearable Medical Device & Mobile Apps in US 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 1
E Wearable Medical Device & Mobile Apps in EU EU Medical Device Regulations 1
C Mobile Application which collects Physiological Data from a Medical Device Other Medical Device and Orthopedic Related Topics 1

Similar threads


Top Bottom