It may be necessary to keep employee records, tax documents and other data safe and secure for several years at a time. However, most records don’t need to be kept forever, and it may not be in a company’s best interest to do so. Let’s take a look at what information should be kept, who should oversee it and where it should be kept.
Employees Should Be Properly Trained
An employee who is directed to retain company data should be given a data retention policy template to work from. Ideally, this will have a list of all relevant records, where they are kept and how long to keep them. This includes everything from advertisements and emails to tax documents and everything related to workplace injuries.
Where Should Data Be Kept?
Ideally, data will not be kept on the cloud. This is because records could be lost, stolen or generally harder to manage once they get there. Furthermore, they could be subpoenaed in a lawsuit. Company data should be kept on an internal network that can only be accessed by authorized employees and devices. If a person needs to work from home, outside devices should connect to dumb terminals only.
Should Data Be Backed Up?
As part of a disaster recovery plan, multiple copies of important company information
should be made and kept in a secure location. This would be helpful if an emergency event, such as a hurricane or fire occurred, the company can recover quickly and become operational again.
Ask an Expert If You Have Questions
A data retention expert can be helpful if you have any questions about who should oversee record keeping or how long information should be kept. The counsel that you hire could also help to create a data retention policy template tailored to the needs of your business.
Your company should treat data retention seriously and come up with a plan that addresses key legal and practical questions. Schedule an appointment with the experts at Information Requirements Clearinghouse to begin creating a policy tailored to your needs. Be sure to have regular meetings with staff to review and update the policy when necessary.