Question from our legal department:
if our customers send us their personal particulars (eg:
NRIC, Social security number) via email, what's the best
practice out there in terms of
a) how long we retain the email?
b) after how long that we dont need it that we ought to
purge/delete it away?
c) do we need to show evidence that it's been purged?
d) any other treatment of such customers' information?
Currently we are on O365