Your data retention and customer information are the lifeblood of your business - there's no denying data's importance, especially in day-to-day operations. Today, organizations across all industries are tasked to protect this vital info, retain it, and provides access at all hours. Yet, all we've seen was a lack of the appropriate archiving and retention policies upon initial inspection.
Building Data Retention
As your MSP, it’s our job to be your strategic advisor and help them understand exactly what their retention requirements are for various business needs. By looking to clean up your IT environment and implement retention policies for more secure, and accessible data you can gain an edge on the pitfalls of errors and mistakes.
By establishing data retention policies, here are some key points you should consider. Keeping in mind, that not all data is created equal—the first step in establishing appropriate retention policies, which data needs to be archived, and for how long.
Step 1: Classifying
Strike a balance between what’s optimal for your business needs vs. cost-effectiveness, by asking some of these questions before classifying or deleting data.
- Is this info critical for the customers’ business operations?
- Would your data be classified as a permanent document of any kind?
- Is your data considered proprietary intellectual property?
- Does your data reflect the current, legitimate and useful information or needs?
Data that fits none of these criteria may be suitable for deletion - although most data is generally retained for at least a twelve-month period, with a very small percentage needing to be retained after that period for legal holds. Assess value and risk before deleting anything and consider cost and storage requirements when choosing to keep anything else. There should be no arbitrary or ambiguous data—everything must be accounted for.
Step 2: Compliance
There is a hierarchy to follow when determining which data must be stored. Ensure data retention policies align with any of the following compliance or regulatory restrictions:
Whether it’s HIPAA, FINRA, PCI, or other regulatory concerns, know your verticals, and know the law. What data must be kept (and for how long) can vary significantly from one industry to the next.
Retain all data that could be subject to legal discovery or would be needed in legal action should it arise.
Pro Tip: If you need a long-term storage solution for less time-critical data, you can leverage our series of cost-effective data retention and BDR solutions.
Step 3: Deletion
Once your identified data no longer serves any useful purpose, there’s more to do than simply emptying your desktops recycle bin. Set expiration dates for all data when establishing retention policies unless it's designated to be retained in perpetuity. It should be noted, that when data has exceeded the retention limits, it should be deleted immediately.
Finally, data that is retained must be data that is accessible. Choose a fast and searchable archival method to access data and determine what frequently-used data (if any) should be kept “live” outside of archival applications.
For anyone unsure of their backup and disaster recovery technology, and its configuration, we can help. With over 30 years of experience, with information technology, our trained IT consultants can get you started down the right path.