Existing and emerging privacy laws limit the length of time companies can retain personal information, and these requirements should be detailed in a data retention policy. Creating these policies quickly raises questions: What should be included in a data retention policy and how is it executed? How long can personal information be retained, and how can this retention be made defensible? How are conflicts avoided? This session will address creating compliant, executable data retention policies that address privacy concerns.