Which of these should not be part of a data retention policy?
A: Which data do we keep?
B: How long do we keep the data?
C: Where do we keep the backup data?
D: How to safely destroy the data after the retention has expired?
CBK 2: Asset Security
Source: ThorTeaches.com practice tests
D: A data destruction policy would address how we deal with data no longer needed, the retention policy would only deal with what, how long, where and similar topics.