Yes, we’re living in the age of big data, where 2.5 quintillions of data – that’s 2,500,000,000,000,000,000 bytes – are created every day. But while most of the data is useful, that still leaves a lot that’s outdated, old, or no longer relevant. And when it comes to migrating to the cloud and utilising cloud solutions, data becomes even easier to store and allow to pile up. And what exactly should you do with that data? How do you know what you need to keep and what you don’t? And what is the right way to dispose of it?
The legal aspects of data retention and destruction
The laws around gathering, storing, and destroying data are in a state of flux as government and regulatory bodies move to keep pace with today’s data-driven environment. As a result, most organisations are holding onto too much data because compliance is so challenging and complex. However, this is a risk in itself because the longer you keep data, the riskier it becomes in the event of a data breach. It’s also more likely to contravene APP11 (Australian Privacy Principle 11), which states that personal data must be destroyed or made unusable as soon as the primary purpose for storing it is no longer appropriate.
How to create a data retention policy
First, it is important to note that legal requirements are different across industries, according to their level of risk, regulatory bodies it must report to, the data you hold, and more. But there are some basic best practices that your business can follow to create a robust data retention policy.
- Evaluate your data and documentation
- Assess the documentation your business works with and the data you gather
- Understand any legal reporting or data management requirements for the data and documentation
- Account for any other reasons you may need to keep data or documentation for longer than the mandatory period (for example, if this period is at risk of extension)
- Determine a standard storage time for documentation with no legal requirements
- Evaluate different data types
- Consider having a different policy for data types based on the regulations that apply to them – public, internal-only, confidential, restricted, etc
- Prioritise your data from most to least risk
- Decide on a format for each different data type and a categorisation process, for that it can be consistently and efficiently tagged, found, removed, and organised
- Decide on designated parties for handling different data types, for example, which representatives oversee moving, modifying, or deleting it
- Simplify your policy and processes
- It’s very easy to overcomplicate a data policy, so put effort into keeping it simple and efficient
- Invest in software solutions that offer appropriate compliance, reliability, and ease-of-use
- Integrate your technology to support automation with human oversight, letting tech handle the day-to-day and make it easy to find and utilise data in workflow processes
- Get stakeholders onboard
- Get every department and stakeholder on the same page and contributing to your data management efforts, from legal, accounting, and executives to compliance, customers, and IT partners
- Get input into the particulars of the data management policy, including how data will be retained, the regulatory requirements, consent to collect and store data, and destruction of data
- Be transparent with your customers, clients, suppliers, and other third parties
- Make data security, backup, and recovery essential
- The more data you hold, the tastier it is to hackers and the more vulnerable it is to breaches and accidents
- Strong cybersecurity is critical, so consider a cloud solution that offers robust compliance and data security
- Don’t mistake your cloud solution for a disaster recovery and back-up solution – a second storage location is critical if your cloud access or accounts are somehow compromised
Make big data simple with expert cloud solutions, automation, and cybersecurity
At Otto, we work with your tech staff and leadership to develop and implement technologies for your budget and sector, setting you up and supporting you with the best tech to deliver exactly what you need. We can supplement your tech department or run it ourselves, supply you with vCIO and consulting services, implement cloud and data management solutions, deliver tech support, implement hybrid working solutions, and so much more.
Because we’re an SMB ourselves, we understand exactly what you’re up against – and we know what works. We’ll help you keep tech costs affordable and under control, deliver exceptional client service (in fact, your satisfaction is the ONLY KPI we track), and let you get back to what you do best.
Let’s chat about turning tech headaches into workable, affordable solutions that make business more compliant, more productive, and more profitable.