October 2018 Newsletter – Data Retention

A data retention policy defines the practice of persisting data and records management to meet legal requirements. In many industries, severe civil, criminal, federal and financial penalties may apply. If you do not retain particular records for an indicated period of time. Likewise, certain documentation must be deprecated or destroyed when it reaches a maturation date.

It is very likely your industry has specific retention policies already in place which you may not be aware of. For example, most business must retain previous employee records for three (3) years from the date of termination. Most payroll departments must retain payroll information for up to seven (7) years.

 

Why You Need a Retention Policy

One of the most critical reasons for an established data retention policy is avoiding penalties for not retaining information. Also retaining information past the intended destruction date, as mentioned above. However, there are additional, specific reasons why you should investigate how your documentation is retained by your company.

In many fields, as years progress, documentation must be updated to ensure the information within is accurate and current. Consequently, older versions of documentation must be deprecated to avoid having more than one copy of an official document floating about your office. An effective data retention policy will help reduce the potential for data duplication.

If your data center is breached or your documentation is stolen, a data retention policy which removes antiquated documentation and data reduces the quantity of data loss when this occurs.

Finally, it should be noted that physical documentation takes physical space. The more you store, the larger your storage center needs to be. This also applies to electronic documentation, as a server can potentially fill up with unnecessary data in a hurry.

How to Establish a Retention Policy

The first critical step in establishing a data retention policy is to construct an effective development team. Assign specific ownership of the data retention policy and procedure to ensure that it is maintained in a consistent fashion. Avoid the ‘telephone game’ where each department, given authority to manage their own data retention, interprets the policy in a different fashion.

Next, effective research to determine all the regulations that are applicable to your specific business and legal records is necessary. This includes state, federal, commercial, and internal procedures, covering how long specific types of documents need to be retained, and when documents should be discarded.

An important step for determining your data retention policy is to outline its scope. Not all data which passes through your company needs to be retained in the same fashion, and some data may not be suitable for retention. Keeping everything permanently may seem like a noble and effective approach, but you may find it more difficult to locate critical data in the midst of your unnecessary documentation.

Outlining and distributing your data retention policy is the most important step. Create a document outlining the various types of data your company normally handles, and indicate how long the data must be kept as well as when it is mandatory for it to be deprecated or destroyed.

Avoid headaches down the road with an effective data retention policy. It is the kind of thing which seems innocuous at first, something which might be handled later, that eventually builds into an insurmountable task. Establish your data retention policy now, and you’ll find enormous savings later on, especially when litigation is involved.