The article mentions the best way is not to store sensitive data but we probably all need to at some point the question is for how long and importantly is it consistent across your organisation. One way is to have a Data Retention Schedule (or policy) which says what data you'll keep and for how long. It could be that you keep certain data for a different length of time to others e.g. customer details may be kept for a shorter period than staff details, or vice versa. This will most likely be driven by GDPR compliance, where you need to say how long you're keeping the information as well as how you'll use it.