Data Retention policy

What is Data Retention Policy?

What Organizations usually neglect

everything you need to know about Data retention policy

Why is it important?

Today, records management is the backbone of open government programs and initiatives in the United States, Canada, and more than 70 countries around the world.
While it is important to make government information increasingly accessible, in order to improve transparency and accountability, it is even more crucial for records managers to understand the importance of developing and maintaining a strong and effective data retention.
A data retention policy (DRP) is a simple system of rules for holding, storing, and deleting the information an organization generates and handles.

How It protects you from legal consequences?

If you, your department or employees have not complied with records retention laws, you could face a range of potential consequences, these may include costly penalties and lengthy investigations and lawsuits.
If a department destroys a document while it’s under legal obligations to retain it, it exposes itself to a claim of "spoliation of evidence", which basically means; the so-called department has destroyed evidence and may now be exposed to "adverse inference". In this case, a judge can easily infer that the destroyed document says precisely what you feared it might say.

To avoid such consequences, a document retention policy (DRP) must explicitly state the conditions for destroying a document when and how. Whether it is an electronic or paper document, there must be a clear procedure in place that allows its destruction to be suspended, should a prosecution, investigation or audit need to begin. This is known legally as a “litigation hold”, where you must keep all relevant information in place to avoid claims of spoliation of evidence.

key takeaways


Bid for Clear Procedures

With ever-changing laws and regulations, how can public and private sector records managers develop a comprehensive, manageable, and compatible data retention policy even in changing industries and government legal frameworks?
There is no single method to develop and maintain a data retention policy, you must adapt your strategy to each department or company.
The key to effective compliance is to establish, implement and maintain a program with clear procedures that enable Information Managers to achieve and maintain the targeted level of compliance.


Balance flexibility and Protection

Any data retention policy approach chosen should be flexible enough to maintain a balance between adhering to high-level policies and business requirements, and rigorous enough to maintain data security.


Focus on the most Important Datasets

To avoid flooding your data retention policy with irrelevant and unnecessary information. A smart strategy is to focus on your most confidential records like HR and financial records, and records that are part of your core functions without which you won't be able to deliver your service and achieve your business goals. Then design your policy around these most critical data sets. This will save you time and help you avoid redundancy.


Establish incentives that encourage compliance

Anyone who processes the organization's data should be aware of the data retention policy that is implemented, so that they can manage it in a way that facilitates full compliance. Employees and stakeholders whose work may increase your risk of non-compliance should be trained in accordance with applicable DRP’s. They must also be qualified to detect potential problems and be aware of the legal risks and penalties, for the organization and for themselves.
Communicating clear consequences will not only discourage misbehavior and avert the risk of non-compliance, but also establish incentives. Linking compliance activities to performance reviews will help create a "desirable" compliance culture and protect your business or department.


Update and maintain

Be aware and update your DRP regularly; One of the biggest mistakes businesses typically make when developing a data retention policy is treating it as a one-time project without considering the changing nature of industry laws and regulations. Policies and procedures should include provisions for regular updates to keep the policies relevant and compliant.


When legal, regulatory, or security issues arise, it's too late to begin thinking about getting the organization’s data in order.
-- Scott Read,
Information governance leader at IT & Business consulting firm Deloitte