Early 2014 - A company employee clicks an email link
Early 2017 - Yahoo admits 3BN email account breach
Can Salesforce customers avoid this?
Yes, for the most part
Salesforce offers security features such as MFA and others to significantly increase data security
However, a lot of customers I speak with have large amount of old data in their Org, and that poses a different kind of problem
-> More data, larger breach impact
What if we simply reduced the old data in the org?
-> Less data, less breach impact
Besides, it also saves Org storage costs
Data retention (aka minimization) is about doing that. However, it can be difficult. Why?
Unless you automate, it can be a tediously manual effort, needs a steady hand and just not a very high priority for busy Salesforce admins
You can actually build a process for data retention, but it take a fair bit of thinking to do it right
Because it needs to be precise, scalable and fool proof
I know first hand because we built a native data retention and minimization capability in Cloud Compliance (link in comments)
What approach has your company taken to minimize old data in your Salesforce org?
AppExchange link: https://sforce.co/2P90923