Deakin To mark Privacy Awareness Week, Industry Professor Phillip Magness at Deakin’s Centre for Cyber Security Research and Innovation argues businesses should carefully consider how much personal information they keep, given the risks of a data breach. An area of privacy that often receives less attention than others is data retention. In my experience, individuals and organisations continue to hold personal information when they don’t really need it anymore; perhaps for fear of deleting something that they may need “one day, for something, maybe” or perhaps because they are uncertain about their retention requirements. Summarily, the Australian Privacy Principles require an entity that is bound by the Privacy Act to take reasonable steps to destroy or de-identify personal information when it is no longer needed for any purpose for which it was collected.