We’ve written on the topic of data retention and deletion before, but it’s a good idea to revisit the information again. Given the amount of data that businesses collect, process and store, as well as the speed at which that data is managed, the topic will remain relevant for the foreseeable future.
What is data retention, and why does it matter?
Data retention and regulation has been a topic covered thoroughly by restrictions and legislations, which continue to mount and increase in scope and security. These include various depositions on how long data must be retained and stored – especially in the German speaking world – as well as admonitions regarding privacy and personal data security.
To accommodate these mandatory retention policies, as well as comply with eDiscovery cases and other data handling requirements, organizations have largely turned to archives and data management software that allows for long term storage and retrieval of data.
Existing legislation on data retention
Most people are by now familiar with the major pieces of international or national legislation – the European Union GDPR being one of the most commonly cited, but with other regulations and regulatory bodies in place even just on the EU level.
While the GDPR’s influence is by now largely understood, organizations maintaining compliance with it are increasingly likely to find their data management software and their policies unable to easily cope with further, different regulations layered on top of it; this is especially true of organizations that look to establish a presence internationally.
Outside the EU, financial organizations looking to operate in the USA also have to potentially look into the Securities and Exchange Commission’s electronic recordkeeping requirements for broker-dealers and security-based swap entities, as well as other legislation.
Older data control software is rapidly becoming obsolete
Data management and control software is generally up to the task of handling the load and regulations from its inception. However, unless it is regularly updated, it is unlikely to gracefully handle new tasks imposed by newer regulations.
A common solution explored by organizations is to use several concurrently-running data management or storage systems to achieve different aspects – from GDPR and eDiscovery compliance, to long-term retention, to data backups for critical information. While this guarantees coverage of all your organization needs, it also guarantees you will be spending far in excess of what you would if using a unitary system that covers all regulatory and security needs simultaneously.
Much data retention and deletion is handled poorly
As was written recently on the Office365Pros blog, there’s been some buzz around multiperson mailboxes requiring a Microsoft Defender license – something that has caused increased costs specifically because a non-zero number of organizations have tried to use shared mailboxes in lieu of proper email retention methods.
This sort of shortcut is unfortunately common, across multiple sectors and using multiple different systems in this way. Email, Teams and other communication platforms are the most common culprits.
As organizations find out to their detriment, these makeshift approaches are usually not up to the task once things begin to go sideways; after retention is audited, an eDiscovery case is launched, a recovery process is initiated, or a Right to be Forgotten request arrives – organizations suddenly find themselves facing unexpected costs, fines and fees because of their attempted savings. Simply put, attempting to save costs by not investing into data management is a false economy.
Archives remain a gold standard for retention and deletion
While the establishment cost for setting up proper archiving policies is not inconsiderable, archives can handle a number of tasks and serve as a form of risk mitigation going forward. As such, investing into an organization’s future is never a bad plan and should be investigated with an open mind.
Your Data In Your Hands – With TECH-ARROW
