Data Retention Policy: Practices & Preservation
According to the IDC’s annual Digital Universe study, the amount of data being produced as of date is projected to grow almost ten-fold or more over the next six years, at the average of doubling every two years. Not only this, but it also predicts that undoubtedly, the amount of electronic data will overtake available storage.
The biggest challenge for IT departments nowadays is to handle the ever-increasing amounts of data, which is produced by numerous contrasting applications and in parallel ensuring access to the data is properly and securely managed and made available for business and legal purposes. For these new world organizations, all this information could be expensive to store for the reason, not just the cost of storing it, but also because of the potential liability that could arise for keeping information for too long.
Having said this, the important aspect remains to limit the disclosure to any security breaches which are no more surprising, and an organization should be ready to handle it anytime. For this, the best practice would be to institute data retention policies within an organization to be able to retain records for the time duration until when the data need to be retained. The best practices also suggest not to keep data of the old customers which have no potential or negligible value compared to if it gets exposed to theft.
For such reasons and other reasons adding risk to the data in any way, it becomes important for the organizations to have formal written documentation on data retention policy and ensure the enforcement of this policy for all their enterprise systems including but not limited to ERP, CRM, Data Warehouse, Email, etc to limit liability in the long run.
Data Retention Policy — Its aim for your organization.
The need and the purpose of the organization remain on the top consideration before considering the implementation of a data retention policy. Also, to check, if the requirements being driven by the legal or compliance implications? If so, it becomes important to brainstorm to preserve data in its original form.
Not to be ignored the need to apply a legal hold to prevent archival of records related to an entity because of the known fact that litigation can move for many years. Or, if they are being driven by the CIO’s need to reduce storage cost and clutter and meet service level agreements (SLAs)? The need to identify, if the data remain life or if it needs to be archived depends on the answer to the above queries.
Data: Categories & Survival duration
The other key consideration concerning Data Retention Policy is how long they live system could accommodate different types of records as well as the archive system before eventually being cleared. To comply with Sarbanes-Oxley (SOX), the payroll data is required for three years but there is a mandate to retain financial records for seven years for the public companies.
More often, it is the industry regulations and the ruling that dictates the limitations for a party being able to bring legal action against the organization that dictates the duration of time necessary to retain documents. However, the important concern is that the IT group is often not well versed/aligned in document retention regulations, so it is always advised to consult with corporate legal counsel to meet the compliance. The mandate of compliance concerning the duration of time needed to store documents across a variety of industries is in trend.
The understanding of Data Retention Policy
The best organization must get into the deep to finalize their approach on the implementation of the document retention policy. These policies consist of the policies defining the rules, which briefs out to move files from the live system to the archive and eventually clean from the archive system. A policy defining to archive records beyond a specific duration, but the possibility still exists to having them being accessed.
For such a case, it would be sensible to consider using the Last Accessed Date instead. But the feasibility of it remains in question, if your system doesn’t store the information, but instead only stores the created date and last modified date? In this case, likely, this contract has not been modified since it’s been created, but it’s probably not one that should be archived or purged from the live system. It will call the need to set an exception to preserve this document for longer than the standard policy.
