We blogged previously about the importance of having a data retention policy. If you have heeded, or plan to heed, our advice, there are a number of common mistakes you want to be sure to avoid as you craft and implement the policy that governs your Enterprise Content Management (ECM) activities. They include:
1. Trusting staff to comply with retention rules. While many people will adhere to the guidelines you develop, some won’t. And the actions of one person can put you in violation of legal requirements. For actions that can’t be automated, be sure to have a system for auditing compliance.
2. Forgetting that things like instant messaging and email are “business records.” You must treat these communications the same way you do documents.
3. Choosing a “delete everything” or “save everything” approach. Both of these strategies can result in your organization finding itself in hot water. Let your legal requirements be your guide for how long you retain content.
4. Assuming a lawyer knows the retention regulations for your industry. The lawyer you consult may have a very good understanding of retention policies in general, but that doesn’t mean that they know the specifics for your type of business. Be sure to ask about your lawyer’s experience in your field.
5. Assuming the commonly stated “seven years” applies to your data. Yes, in many cases you are required to maintain data for seven years. But there are many, many exceptions to this “rule.” Never assume — know.
6. Treating data retention as an IT project. There are two things wrong with this approach. First, data retention is the responsibility of everyone in your organization, not just IT. Second, data retention is not a project, it’s an ongoing process. The minute you stop tending to this process, you risk being in violation of the rules and regulations for your business.
7. Assuming that limiting mailbox size or shared space will control data proliferation. The fact is, it won’t. Users are creative and determined. If there’s a way around data volume restrictions, they’ll find it. As stated previously, you must have a system in place for auditing compliance.
8. Forgetting that foundational data (policies, procedures, etc.) is subject to retention rules. Though they probably aren’t opened, edited or shared often, these documents are data nevertheless.
9. Assuming that your archived information is easy to access. If your organization is legally compelled to produce certain data, the last thing you want is to encounter difficulty in retrieving it. Periodically test your search and recall systems to ensure they are working properly.
10. Assuming that your data landscape is unchanging. The backup and archiving routines that you define today may be insufficient tomorrow, as people frequently change how and where they store information and rarely will inform you that they’ve made a change.
Conclusion
Creating and enforcing a data retention policy is a challenging task and an ongoing obligation. But with the right business process technologies in place and the right amount of diligence, you can find the balance that keeps you within your storage capacity and in compliance with the legal guidelines your company operates under.
About the Author
Charles Weidman is the President and CTO of Buddha Logic. Charlie has over two decades of experience in the design, development and implementation of enterprise content management, business process management and enterprise resource planning solutions. He founded Buddha Logic with the idea that well-architected digital document capture and management processes are both beautifully simple and powerfully logical. Find and connect with Charlie on LinkedIn.