Developing a Data Retention Policy: What data do you HAVE to backup?
In our previous article we outlined a brief history of and comparison of tape backup environments to disc backup environments. Understanding how your details are retained will be the first and critical key to designing an information retention policy, although the next steps can be a extra murky and sophisticated.
Depending on industry when you conduct business, the information you have retention policy may be dictated by legal or business retention requirements. For instance, a legal retention requirement includes:
Each state has unique legal requirements on what long medical records is required to be maintained
Every business’ tax records are to be kept for at least Three years - but there many exceptions for this rule: You need to keep all employment tax records a minimum of Four years right after the date that this tax becomes due or is paid, whichever is later.
In Texas, Sales and Use Tax records need to be retained for 4 years.
Businesses subject to OSHA regulations have specific requirements how long their data should be retained
Food manufacturers are needed to track all the ingredients as well as location of origin during the unfortunate event of poisoning
Machine shops should maintain records on from where the material origin during product failure
The The Massachusetts Society of Certified Public Accountants has published a great resource on this subject here. Besides what you're legally necessary to do, you'll find compelling business arguments for retaining your information for time. How long you have to maintain customer or accounting records. Check out many scenarios that could impact your organization, as an example, should you offer any kind of warranty or credits? Will there be any potential for a recall to your manufactured items? What is the general practice inside your industry for maintaining business records? Imagine if you are to dispose of the business, for how long of a history would a possible acquirer want?
Start the information you have retention policy by inviting key employees to a brainstorming session and request, what happens if we will need to go back in time to retrieve for data for:
A tax records audit
A labor law compliance audit
A product or service liability lawsuit
A work practices claim
A worker tort such as a sexual harassment claim
and start to generate your policy around these scenarios. Check it against both legal data retention requirements and your own business retention needs. To some extent 3 in our series on developing an effective data retention policy, we’ll make a checklist to follow when arranging your business’s data retention policy.
Please visit: http://www.globaldatavault.com/blog/developing-a-data-retention-policy-what-data-do-you-have-to-backup/