- Electronic Records
- Four Steps to an Effective Data Retention and Destruction Policy for Your Business
For many small businesses, their record retention policy consists of dumping a folder in the back of a beaten-up old filing cabinet in the back office and forgetting about it.
On balance, this seems to work fairly well–at least until there is a fire, earthquake, lawsuit, or someone sells the filing cabinet without clearing all the drawers out first. Then, that stained manila folder will turn out to have contained a critical item of information, and the company might well be dead in the water without it.
Data retention and destruction policies have only become more important in our world as more and more data is generated and digital systems allow essentially infinite storage. There, the beaten-up old filing cabinet becomes a beaten-up old server in a back closet, and the file is a Word document that is seven versions old and probably unreadable anyway.
But the problems remain. Digital discovery during legal proceedings requires that documents remain accessible and readable for defined periods of time. Data critical to company operations has to be available instantly, often to multiple users simultaneously. At the same time, old, irrelevant, and unnecessary data needs to be disposed of safely and securely, lest it either fall into the wrong hands or simple disrupt operations by interfering with relevant information.
These issues demand more sophisticated data retention and destruction policies even in smaller businesses. These four simple steps will help you put in place a bulletproof policy and procedures to keep you in business and on the right side of the law.
It’s nice to be able to start from scratch with document organization and retention schemes, but the reality for most businesses is that they will be dealing with a backlog of records at first.
Devising an appropriate policy and implementing it is even more daunting when you don’t know exactly what you are dealing with. So the first step in any retention policy process is to organize the data you already have.
Coming up with an appropriate schema and nomenclature for categorizing documents and data is the first part of the process. After that, you will have to figure out how to organize storage or tagging hierarchies to align your physical and virtual storage with the types of information your business collects.
State, federal, and tax laws may vary with respect to what data and communication you are expected to retain and for how long. You will certainly want to consult legal counsel at this point. Even when retention is optional, there may be various legal or operational reasons to hold or discard particular data for certain periods.
Since you have already organized your data, it’s a quick step to tagging and sorting appropriately to locate information to be purged or retained indefinitely and to store or destroy it accordingly.
Get Backed Up
No policy in the world can help you if you don’t implement physical methods of ensuring that data is protected until you decide to take action on it. Fire, flood, and hacking can all destroy records you may want or be required to retain.
Regulatory agencies take a dim view of “the dog ate my tax receipts” excuse in this day and age. Professional services and systems to back up your information are ubiquitous and relatively inexpensive. Whether you elect to purchase backup software and systems and manage backup processes in-house, or to contract out to an online backup provider, make sure you have robust backups.
Backing up takes care of the stuff you need to retain indefinitely; you need to have equally robust procedures for destroying data that you decide not to retain.
This task is surprisingly difficult in the digital age. Even deleted documents, on most modern storage media (hard drives, thumb drives), are rarely gone past the point of retrieval even using very rudimentary forensic or hacking tools. True deletion requires special software or physical destruction of the media.
Paper, of course, can be shredded. Again, for both physical and digital records, outsourcing this process is an option.
No matter what policies you come up with, it’s important to have both clear guidelines for your staff to follow and effective methods for implementing them to keep your business in the clear when it comes to document management in the modern age.