Data Retention Policies – Where To Start And How To Gain Consensus.
Updated: May 18, 2022
In several conversations with our enterprise customers on information governance initiatives, implementing retention policies remains a top priority. Data growth statistics point to an obvious reason for this. According to a survey by Statista, the volume of data/information created, captured, copied, and consumed worldwide is expected to grow at a compound annual growth rate of 26% through 2024, exceeding 60 Zettabytes. For perspective, you would need 1 billion 1 TB drives to store a single zettabyte. Add on top of this, the legal and compliance requirements for data preservation (or minimization), managing multiple communication and collaboration applications, and the desire to perform analytics on this data, you have a complex equation for enterprise data management.
Historically, the complexity associated with managing all of these factors have led many enterprises to over preserve. The factors noted above have breathed life and given purpose to data retention programs to overcome the historical roadblocks which have put a damper on these initiatives.
In this blog, we will share a few best practices on how to define, gain consensus, implement, and enforce data retention policies.
What is data retention?
Data retention is the practice of managing and preserving data for a defined period of time. Enterprise retention policies will be dictated by a combination of corporate, regulatory, legal, and regional requirements. These requirements will prescribe what needs to be retained, for what period, the storage medium they must be retained on, and the availability of the data for search and retrieval.
Where should I start?
For starters, don’t bite off more than you can chew. If you attempt to implement an overarching policy to get off the starting blocks, it will be met with resistance. These programs can lose momentum due to insufficient buy-in and disagreement on the scope. To keep your scope in check, do your homework and take the following steps:
Inventory: You can’t apply policies if you don’t know what data you have. Building a data inventory enables you to analyze what kind of data you have. Start by focusing on a specific set of applications or business units to establish a foundation for your inventory.
Establish a schema for the inventory. We recommend tags for legal (data required for ongoing litigation, internal investigation, or other legal matters), compliance (records required to be preserved for regulatory purposes, such as SEC 17a-4), corporate (intellectual property or other confidential information), financial, and others. The schema will define why you are preserving the data and will enable you to quickly see whether it is eligible for retention to be applied.
Understand at the onset, it takes a village to get these policies implemented and enforced. Building the inventory and schema in advance will provide a solid foundation to gain their buy-in. Support the discussion with benefits of enforcement (As an example, this infographic reports that the average cost of storing 1 TB of file data on primary storage costs $3,351 per year, what more could the business unit do with that money back into their operating budget?). Minimizing your data footprint will save costs for IT on storage, backups, and management, shrink the attack service for information security and simplify eDiscovery for legal teams.
Other Factors to Consider
When engaging a diverse group, it is best to keep the policy language simple. Using terminology that is unique to a specific stakeholder will create confusion. Using simple terminology will make it easier for the broader organization to adhere to as your policy takes hold.
Start with time-based retention and work towards content-based policy definitions. Unless there is pending litigation or unusual compliance obligation, data will become obsolete after 7 years. In the abundance of caution, you can start retention even higher.
Enforce data retention with Zantaz EAS
As the world’s foremost experts in data archiving, our team is ready to deliver the technical solutions and process consulting to implement and enforce data retention policies that align with your business, compliance, and legal requirements. Our unified archive programs deliver a single platform for managing all enterprise data retention requirements, eDiscovery, and much more.
To learn more, contact email@example.com