The EXPIRY element can be used in a policy reference file and/or in a
POLICIES element to state how long the policy reference file (or policies)
remains valid.
Each STATEMENT element that does not include a NON-IDENTIFIABLE element
MUST contain a PURPOSE element that contains one or more purposes of data
collection or uses of data.
Each STATEMENT element that does not include a NON-IDENTIFIABLE element
MUST contain a RECIPIENT element that contains one or more recipients of
the collected data.
Each STATEMENT element that does not include a NON-IDENTIFIABLE element MUST
contain a RETENTION element that indicates the kind of retention policy that
applies to the data referenced in that statement.
The STATEMENT element is a container that groups together
a PURPOSE element, a RECIPIENT element, a RETENTION element, a DATA-GROUP element,
and optionally a CONSEQUENCE element and one or more extensions.