Data Retention

Noemi Wee

Data Retention
Is there a standard for creating Data Retention Policy?

Lucy Opsitnik

RE: Data Retention
(in response to Noemi Wee)

I think this would really depend on the organization.  Is retention legislated in any way?  Can you categorize the information in terms of business value?  Is it structured or unstructured data and does this influence your decision to keep it?  I'm not aware of a standard although I've worked in different organizations that have their own practices to meet their unique needs.

Chris Collins

RE: Data Retention
(in response to Noemi Wee)


Depends on the information being held - transactional information will have financial legislation that drive your minimum requirements.  personal information may be driven from tax legislation etc.

 

In general, I've found working across the UK, Aus, and NZ markets 7 years is usually a good minimum retention period.  Thereafter is up to you.

Bellili karim

RE: Data Retention
(in response to Noemi Wee)

I think , there is no standard for that, it depends on what the organisation want to show, or what to keep. It is also matter of the country legislation 

Jeff McDonald, CDMP

RE: Data Retention
(in response to Noemi Wee)

Your "standard" for a data retention policy is best designed around the needs across the enterprise and the type of data that is being retained. It is best to begin by determining what hard rules may be in place for data based on legal and regulatory bodies for your country/state. Next you would approach it from an operational view to identify data that would be related to maintenances, safety, transactions, etc.,. Next, communications data such as email, text, Skype and such. Most data of this nature can be kept as little as 3 years.

 Two things to consider when creating your retention guidelines:

1. Unnecessary data takes up valuable server space and costs money to retain.

2.In an audit or regulatory case, you must consider discoverability of all data and the liability/risk that it imposes.   
 

Jeff McDonald, CDMP

Data Governance Consultant | Enterprise Data Strategy and Governance with Xcel Energy

William McKnight

RE: Data Retention
(in response to Noemi Wee)

As the others have said, it's bounded on the low end by regulations. It may also be bounded on the high end by the Legal department. Notwithstanding those constraints, unless the data quality is irredeemable, I encourage keeping all data for all time and in accessible formats. It may be helpful to your AI strategy. You may have to account for business condition change over the years in the data, but it should be worth it.

Akshay M

RE: Data Retention
(in response to Noemi Wee)

When organizations create or revise a data retention policy, the following actions will help.

• First and foremost, have a data retention policy that meets legal requirements, business needs, and other important factors.

• When creating a policy, start small and ramp up as your needs change.

• Keep it as simple as possible to help with employee adherence.

• Implement different lifecycles for different data types, due to different legal and business impacts.

• If data includes customer, subscriber, or user information, inform customers how their information is stored by type.

• Keep information on customers, subscribers, and users for no longer than necessary. If data has customer, subscriber, or user information that isn’t required (e.g., sales growth data), anonymize it.

• When possible, allow customers, subscribers, and users to have control over how their data is employed, and give them instructions on what steps they can take.

• Be able to justify the reasons behind the policy details.

• Use software to manage the data retention tasks. Automation is good. Some examples of software that you can use are IBM system storage archive manager, Oracle information lifecycle management, LZMA, and 7-Zip, Azure data migrationWindows virtual desktop azure

• Maintain the ability to override the software. For example, a lawsuit or audit may require you to keep data longer than the policy deems.

• Consider whether data should be archived vs. deleted. Deletion is permanent, but archiving incurs running costs. Deletion costs less, but archiving can solve possible problems in the future.

• Files that are not frequently accessed should be moved to a lower-level archive so that you can find other data more easily.

• You should organize and store archived data so that you can access and search it when needed.

• Back up data. This is not only a good idea for data retention, but for data management in general.

• Ensure data is secure throughout its lifecycle. This is not specific to data retention.