Skip to content

4 Reasons You Need a Retention Policy

by on May 3, 2011

Is your organization operating without a data retention policy? Or under a policy that needs updating or isn’t being consistently enforced? If so, this is one issue you’ll want to move closer to the top of your priority list, ASAP. Here’s why:

IStock_000004637317XSmall

Reason #1: Staying Compliant

Regulatory compliance is the top driver for having a retention policy. Sarbanes-Oxley, HIPAA, SEC regulations and other compliance requirements dictate how long you need to retain information—up to seven years for some types of data. The key is to look across all of the data in your organization and strategically identify what exactly you need to retain for which specific time periods to meet external compliance and internal audit requirements.

Not having the data you need (or not being able to produce it on demand) could result in millions of dollars in fines for noncompliance. Get clear on which compliance regulations apply to your business and make sure you have a policy to meet them.

Reason #2: Minimizing Legal Exposure

The legal implications of a data retention policy can be tricky. Companies are keeping more data for longer timeframes for compliance, business and other reasons. But keeping everything forever just isn’t realistic or even smart. One major reason: legal risk.

Having too much data to sift through in the discovery phase in the event of litigation can drive up your legal costs and delay the discovery phase, which can result in sanctions. A glut of data also can create unnecessary exposures—for example, calling into evidence older data that could be incriminating or taken out of context and used against your organization. A consistent data retention and discovery policy minimizes these risks, while also demonstrating that any data destroyed prior to a lawsuit was purged methodically, according to a policy, rather than targeted for destruction as potential evidence.

Reason #3: Business Information

Whether for analytic, historical or other purposes, businesses need to retain information. It’s easy to see how this reason can come into conflict with reason #2. A good retention policy strikes a balance between keeping data long enough for business and compliance purposes without exposing the business to any unnecessary risks.

Reason #4: Keeping Costs Down

Sure, tape is cheap—but that doesn’t mean you should endlessly invest in a limitless supply of storage media for volumes and volumes of data without just cause. Storing too much data adds up. Let policy determine how much data you need to store and you may see storage costs drop.

Creating and implementing a good data retention policy is not as straightforward as it seems. But the answer to the question of whether or not you need one is as clear cut as it gets.

 

2 Comments
  1. steve t permalink

    Interesting post! In your experience, have you had clients not have a retention policy and suffer because of it (both legally and financially)? It appears that you have left the door open for further explanation on how your organization works with your clients to define and implement a retention plan.
    A brief example of how you actually help your clients would be of great value added to this posting.

  2. Steve, we had had companies suffer, mostly financially, due to incorrect retention policies. Although we’re not technically ‘consultants’, when we install our software we help guide them towards thinking about what their current policies, or if those policies need to modified and streamlined. Once they start using our software the organization can start to see if these retention holds are working, and tweak from there.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: