A crucial pillar of information governance is data retention. As organizations collect increasingly vast volumes of information, one question will inevitably emerge: How long should we keep it all? Unfortunately, as with most things in the IT world, the answer is not as simple as looking toward compliance and legal requirements.
In fact, relying entirely on the legal department is one of the seven deadly sins of data retention, according to CSO contributor Sarah Scalet (gluttony may also make the list in the era of big data). The problem with shifting the burden entirely to one department is that legal and compliance mandates will vary depending on what type of information you're talking about. So, data stored from the company's project management software could have vastly different retention requirements than information from its financial accounting suite.
The first step in solving this problem is gaining visibility over what information your organization has and how each type of data relates to compliance. Triwest Healthcare was able to partially address this issue by putting together a 243-line spreadsheet that outlined retention requirements for all the data stored. As the news source noted, this alleviated much of the burden related to data management and compliance. Although not the most efficient strategy, it does show the long-term benefits of taking the time to better categorize digital assets. The organization also deserves bonus points for outlining which department is responsible for erasing data after the retention date, which eliminates arguments over whose job it ultimately is.
What's Storing All That Data Anyway?
Another issue that many organizations must deal with is the technology they're using to store all that information. One of the issues that Gartner's "Information Governance: 12 Things to do in 2012" report highlighted is the fact that many organizations are still relying on tape-based storage without enough insight into what data is actually on those devices. Ironically, while this is often done to satisfy compliance needs, difficulty in finding specific data for an audit can make meeting regulations a more complicated process.
As Gartner suggested, it may be time to revisit your data retention strategies. In addition to transitioning away from physical tape storage to alternatives such as virtual tape library technology, organizations can also improve their governance strategies by simply storing data in the appropriate medium. For example, researchers suggested that many organizations use backup technology as makeshift archival solutions, which is unnecessarily expensive.
The key takeaway is that determining data retention length is a multi-step process that starts with understanding the current data environment and matching types of information to the relevant compliance requirements.