As technology advances, the cost of data storage tends to decrease. Consequently, it sometimes seems as though it might be easier and more cost-effective to simply add more storage as needed rather than to define and implement a data retention policy. However, there are a number of reasons why retaining data indefinitely is a bad idea.
Data Storage Costs Continue to Fall
First, while storage costs continue to fall, it is still more expensive to store data than to delete it. Second, as data volume increases, system performance tends to decrease. And finally, the more data you retain (especially if any of it is customer data), the greater your liability, as you are required to protect the information in your possession from unauthorized access.
Data Retention Policy Tips
Similarly, there are many legal reasons why deleting data too soon is ill-advised. Consequently, it is important to have a well-reasoned and well-executed data retention policy as part of your overall enterprise resource planning (ERP) efforts. Here are some tips for defining and implementing yours:
- Be clear on whose responsibility it is to enforce your policy, and ensure that they have the time and the tools for doing so. In some ways, it’s better to have no policy than one that is sporadically and unevenly applied.
- Consider both comprehensiveness and manageability, and seek to find the right balance. It may be impossible to create a data retention policy that covers every last piece of data that your company handles, and it is probably unnecessary. As you create your policy, focus on the most critical types of data first, and continue moving down the list as far as resources will permit.
- Be sure that you are well-versed in the statutory, regulatory, contractual and business requirements that affect how long your company must retain data. Failing to comply with these rules and regulations can have serious consequences, up to and including criminal penalties. It’s a good idea to get legal counsel as you craft your policy.
- Ensure that the data you are obligated to retain is covered by adequate backup processes. In all likelihood, system failures, natural disasters, etc. do not excuse you from these obligations.
- Consider implementing your data retention policy using a phased approach if possible. This will allow you to make clarifications and adjustments more easily.
- Create a document that begins by giving some context to your policy and then goes into great detail, listing every type of data your company possesses (within reason, as noted previously) and how long it is to be retained.
- Review your policy regularly and revise it as rules, regulations, and business conditions dictate.
It Takes Time and Effort
Creating and implementing a data retention policy takes a significant amount of time and effort. However, doing so delivers everything from cost savings to protection from compliance issues. And, many of the tasks involved can be automated through business process management software. If you need guidance as you develop your policy, or help putting the systems in place to manage it, give us a call.
My team and I are a close-knit group comprised of Enterprise Content Management (ECM) experts skilled in design, development, implementation and support. We take a personal interest in every project we tackle and every client we work with. I invite you to follow Buddha Logic’s LinkedIn Company page and our Twitter account or to reach out to us by email.
About the Author
Charles Weidman is the President and CTO of Buddha Logic. Charlie has over two decades of experience in the design, development and implementation of enterprise content management, business process management and enterprise resource planning solutions. He founded Buddha Logic with the idea that well-architected digital document capture and management processes are both beautifully simple and powerfully logical. Find and connect with Charlie on LinkedIn.