Why this matters
Data minimization and lifecycle controls support SOC 2 privacy and confidentiality criteria.
Tag records by data_class (PII, telemetry, auth) and enforce retention (e.g., PII ≤ 365 days unless legal hold). Provide scheduled deletion jobs and audit log entries.
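One way to implement the scheduled deletion job with legal-hold handling and audit entries, added here as an illustration and not taken from the rule's own material. It runs against an in-memory SQLite database; the table and column names (`records`, `legal_hold`, `audit_log`) and the telemetry and auth retention windows are assumptions, and only the 365-day PII limit comes from the rule text.

```python
import sqlite3
from datetime import datetime, timedelta, timezone

# PII limit (365 days) is from the rule; telemetry/auth windows are assumed values.
RETENTION_DAYS = {"PII": 365, "telemetry": 30, "auth": 90}

def purge_expired(conn, now):
    """Delete expired rows per data_class, skip legal holds, audit each pass."""
    deleted = {}
    for data_class, days in RETENTION_DAYS.items():
        cutoff = (now - timedelta(days=days)).isoformat()
        with conn:  # the delete and its audit entry commit together or not at all
            cur = conn.execute(
                "DELETE FROM records WHERE data_class = ? AND created_at < ? AND legal_hold = 0",
                (data_class, cutoff),
            )
            conn.execute(
                "INSERT INTO audit_log (ts, action, data_class, cutoff, rows_deleted) "
                "VALUES (?, 'retention_purge', ?, ?, ?)",
                (now.isoformat(), data_class, cutoff, cur.rowcount),
            )
        deleted[data_class] = cur.rowcount
    return deleted

def build_sample_db(now):
    """Constructed sample data in a hypothetical schema (not from the page)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE records (id INTEGER PRIMARY KEY, data_class TEXT NOT NULL,
                              created_at TEXT NOT NULL, legal_hold INTEGER NOT NULL DEFAULT 0);
        CREATE TABLE audit_log (ts TEXT, action TEXT, data_class TEXT, cutoff TEXT, rows_deleted INTEGER);
    """)
    rows = [  # (data_class, age in days, legal_hold)
        ("PII", 400, 0),       # past 365 days: deleted
        ("PII", 400, 1),       # past 365 days but on legal hold: kept
        ("PII", 100, 0),       # within retention: kept
        ("telemetry", 45, 0),  # past 30 days: deleted
        ("telemetry", 5, 0),   # within retention: kept
    ]
    conn.executemany(
        "INSERT INTO records (data_class, created_at, legal_hold) VALUES (?, ?, ?)",
        [(c, (now - timedelta(days=age)).isoformat(), hold) for c, age, hold in rows],
    )
    conn.commit()
    return conn

if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    print(purge_expired(build_sample_db(now), now))
```

An audit row is written for every class on every run, including runs that delete nothing, so a missing entry indicates the job did not run.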
Side-by-side examples engineers can pattern-match during review.
DELETE FROM events WHERE created_at < NOW() - INTERVAL '10 years';
DELETE FROM events WHERE data_class='telemetry' AND created_at < NOW() - INTERVAL '30 days';
UPDATE users SET deleted_at=NOW() WHERE id=$1
DELETE FROM users;
From the same buckets as this rule.
Public services must require TLSv1.2 or higher and set HSTS (max-age ≥ 15552000, includeSubDomains). Reject plaintext HTTP and weak ciphers; cookies must be Secure and HttpOnly with SameSite set.