Overview
Our data retention policy balances several needs: maintaining research integrity and reproducibility, protecting source confidentiality, complying with legal requirements, and minimizing data we hold. Different types of data have different retention periods based on these considerations.
Core Principle
We retain data only as long as necessary for legitimate research purposes. When data is no longer needed, it is securely deleted using methods that prevent recovery.
Retention Periods by Data Type
| Data Type | Retention Period | Reason |
|---|---|---|
| Published research data | Indefinite | Public record and reproducibility |
| Raw research data | 5 years after publication | Verification and follow-up research |
| Unpublished findings | 2 years | Potential future relevance |
| Source communications | Deleted after processing | Source protection |
| Contact information | Until relationship ends + 1 year | Ongoing communication needs |
| Website logs | 30 days | Security monitoring |
| Financial records | 7 years | Legal/tax requirements |
Research Data Lifecycle
Collection Phase
Data is collected from public sources and stored in encrypted research databases. All data includes collection metadata (timestamp, source, method).
Analysis Phase
Data is analyzed and findings are documented. Working copies may be created for specific analyses and deleted when analysis is complete.
Publication Phase
Relevant data supporting published findings is archived with the publication. Supporting data is redacted to remove sensitive details where appropriate.
Archive/Deletion Phase
After retention periods expire, data is securely deleted. Published data remains in our public archive indefinitely.
Source Protection
For source communications and tip submissions:
- Original communications are deleted immediately after information is extracted
- Metadata that could identify sources is not retained
- SecureDrop submissions are processed on air-gapped systems
- We do not maintain logs that could connect sources to submissions
Secure Deletion
When data reaches the end of its retention period:
- Digital files are overwritten using secure deletion tools
- Database entries are permanently purged, not just marked as deleted
- Backup copies are also deleted according to backup rotation schedules
- Physical media is destroyed when decommissioned
Exceptions
Data may be retained beyond standard periods when:
- Required by legal proceedings or investigations
- Needed for ongoing research with documented justification
- Part of a formal partnership with agreed retention terms
Review Process
We conduct quarterly reviews of retained data to ensure compliance with this policy. Any data retained beyond standard periods must have documented justification that is reviewed annually.