1. Purpose
The primary purpose of this policy is to ensure that Pesa Wire securely manages, retains, and disposes of corporate, client, and operational data. This policy guarantees compliance with the Ugandan Data Protection and Privacy Act (2019), national Anti-Money Laundering (AML) regulations, and international best practices for digital financial platforms.
Furthermore, this policy aims to:
- Protect the privacy and personally identifiable information (PII) of Pesa Wire users.
- Minimize the legal and financial risks associated with data breaches.
- Optimize storage resources by eliminating obsolete or redundant data.
2. Scope
This policy applies to all physical and digital records generated, processed, or received during company operations. This includes, but is not limited to:
- Digital environments: Cloud storage, active servers, local hard drives, backup tapes, databases, and company-issued mobile devices.
- Physical environments: Printed documents, removable media (USBs, external hard drives), and physical archives.
- Data types: Software development logs, financial transfer records, client communications, employee records, and intellectual property.
3. Key Definitions
- Personal Data: Any information relating to an identified or identifiable natural person (e.g., names, transaction history, KYC documents).
- Data Retention Period: The specific timeframe a record must be kept before it is legally and securely destroyed.
- Legal Hold: A suspension of the standard data destruction process due to pending litigation, audits, or regulatory investigations.
- Cryptographic Erasure: The process of securely deleting the encryption key for encrypted data, rendering the data completely unreadable.
4. Data Retention Schedule
Data will be retained strictly for as long as necessary to fulfill business, legal, or regulatory obligations. Once the retention period expires, data must be destroyed according to Section 5.
| Data Category | Specific Data Types | Retention Period | Destruction Method |
|---|---|---|---|
| Financial & Tax | Invoices, ledgers, transaction records, tax filings | 7 years | Permanent digital wipe / shredding |
| Client/User Data | Profiles, KYC documents, service agreements | Active account life + 5 years | Secure database deletion |
| Corporate/Legal | Articles of incorporation, IP filings, state licenses | Permanent | N/A |
| IT & Security | Firewall logs, access logs, system error reports | 12 months | Automated overwrite |
| Employee Records | Contracts, payroll, performance reviews | Employment duration + 3 years | Permanent digital wipe / shredding |
| Communications | Internal emails, Slack messages, routine memos | 2 years | Automated deletion |
5. Data Destruction Protocol
When data reaches the end of its retention period, it must be irretrievably destroyed. Pesa Wire strictly prohibits the discarding of intact physical media or the simple “recycling bin” deletion of sensitive files.
5.1 Digital Data Destruction
- Active Servers & Databases: Data must be purged using secure, multi-pass overwriting techniques (e.g., NIST 800-88 standards) or database-level secure deletion commands.
- Cloud Storage: IT must ensure that third-party cloud providers (e.g., AWS, Azure) execute cryptographic erasure or verifiable secure deletion protocols upon request.
- Backups: Automated scripts must continuously purge backup drives of data that has exceeded its retention schedule.
5.2 Physical Media Destruction
- Paper Documents: Any physical document containing sensitive software architectures, client PII, or financial data must be cross-cut shredded.
- End-of-Life Hardware: Hard drives, solid-state drives (SSDs), and USBs must be physically destroyed (crushed, degaussed, or shredded) by an approved IT vendor before disposal.
- Certificates of Destruction: For bulk hardware disposal, the IT team must obtain and file a Certificate of Destruction from the disposal vendor.
6. Legal and Regulatory Holds
In the event of a regulatory audit, legal dispute, or formal investigation, the Data Protection Officer (DPO) or Legal Counsel will issue a Legal Hold.
- A Legal Hold immediately suspends the automated or scheduled destruction of all relevant data.
- Employees notified of a Legal Hold are strictly prohibited from altering, deleting, or destroying any information related to the hold.
- The hold remains in effect until formally lifted in writing by the Legal department.
7. Roles and Responsibilities
- Data Protection Officer (DPO) / Legal: Responsible for maintaining the accuracy of the retention schedule against changing Ugandan laws and issuing legal holds.
- IT Management: Responsible for implementing automated deletion scripts, managing secure hardware disposal, and ensuring backup compliance.
- Human Resources: Responsible for securely managing and eventually disposing of employee records.
- All Employees: Responsible for adhering to this policy in their daily operations, including not retaining unnecessary data on local desktop environments.
8. Policy Enforcement and Audits
The IT Management team, in conjunction with the DPO, will conduct annual data audits.
- Objective: To verify that automated deletion systems are functioning, physical media is being handled correctly, and no excessive data hoarding is occurring.
- Violations: Non-compliance with this policy—particularly the unauthorized retention of user data or improper disposal of hardware—may result in disciplinary action, up to and including termination, as well as potential legal penalties under the Data Protection and Privacy Act.