Data retention and destruction policies should meet all of the following requirements EXCEPT?

Documentation related to audit controls (third-party or internal) should be saved in a permanent format by default, not a non-permanent one. This is to ensure that the organization can demonstrate its compliance with the applicable laws and regulations, as well as its own policies and procedures, in case of an audit or a legal challenge. The other options are valid requirements for data retention and destruction policies, as they help to minimize the risks and costs associated with storing personal information beyond its intended purpose. References: CIPM Body of Knowledge, Domain III: Privacy Program Management Activities, Task 3: Manage data retention and disposal.