Visitor Data Retention and Privacy
Q: How long should I retain visitor data I capture on my site?
A: The answer depends upon applicable law, the type of data collected, and your relationship with the visitor. For example, there’s certain information you’ll want to have that a customer provides you if there’s ever a breach of contract lawsuit regarding goods or services you provided.
The statute of limitations for bringing such a lawsuit may make it necessary for you to keep that information longer than you otherwise would if the same data was supplied to you by a visitor who is not a customer.
The key here (particularly with PII), is to keep the information only as long as you really need it.
Information Security Risks
Q: Why not keep the data forever just in case you might need it someday?
A: The longer you keep such information, the greater the risk hackers or a government agency spying online will access and misuse the data. Keep it as long as needed for legitimate business and legal reasons but no longer.