Do We Have a Data Protection Framework?

One of the other guide lines says that all other service providers, entities, intermediaries, vasically, anyone whois dealing with any kind of uture information, needs to maintain rolling logs for one 80 days. This again, requires them to maintain, use the data, as well as any transaction details that they might have access to. The reasoning here is that tee, very often companies don't maintain their data records for a long enough period of time. And by the time a siber breach is discovered, they no longer have the data which could be used to even ascertain what caused it or where it's come from.