As you pointed out, that audit led to the destruction of all data that did not need to be kept. I would say that speaks quite nicely to the effectiveness of our audits and the receptiveness of federal agencies, to be sure. That being said, it is necessary to keep up that oversight. As I was explaining earlier, we have a risk-based audit plan, where we determine which organizations to audit according to the volume or nature of information they hold and the number of incidents.
That is how we ensure that irrelevant data is not kept unnecessarily.