7 Steps for Building a Data Retention Policy

October 10, 2019
Cloud, Data Protection, Disaster Recovery

It’s estimated that the world's data will grow to 175 zettabytes in 2025, with approximately 463 exabytes created each day. That’s a lot of data. Whether for regulatory, legal, or other reasons, we’re going to need to store much of it. Or at least we think we will.

Why You Need a Data Retention Policy

Not all data needs to be kept forever. Unnecessary data storage takes up valuable space and increases costs.

A clear but comprehensive data retention policy can help you determine what information needs to be stored, how accessible it should be, how long it should be stored, and what to do with it when it’s no longer needed. It can also shape your data backup plan by outlining what data needs to be backed up, how often, and where it needs to be stored. 

Your Data Retention Policy To-do List

Whether you’re developing a new data retention policy or evaluating an existing one, here are some key steps and best practices to include:

1. Conduct a data audit.

  • Identify the kinds of data you have. This could include documents, emails, online shopping cart data, lists of social media fans and followers, customer records, spreadsheets, receipts, financial reports, tax documents, images, videos, and much more.
  • Determine where all your data is, how it’s accessed, who needs access to it, what it’s used for, and how frequently it’s accessed and/or used. Don’t forget about data stored by third parties.
  • Prioritize your data based on its value to your organization.

2. Review the legal requirements for retaining your data.

  • Note all laws and regulatory requirements that affect your data, especially if you’re in a regulated industry.
  • Work with your company’s legal team to determine what kinds of data must be kept and for how long as well as any requirements for disposing of data.
  • Take into consideration any internal company rules that could affect data retention and disposal.

3. Categorize your data.

  • Start separating out data that must remain live, data that must be retained but has to be easily accessible, and data that must be retained for various lengths of time. Also note any data that you’d like to keep but aren’t required to keep. You’ll want to determine if the desire to keep certain kinds of data is worth the cost.
  • Make note of data that must be backed up for disaster recovery and business continuity purposes.

4. Calculate your storage needs.

  • Determine how much storage space you have and whether you need to free up server space, cut down on clutter, find more affordable options or expand storage.
  • Check to see if any of your company’s legal or compliance requirements mandate that your data has to be stored off-site. Most regulated industries have a stipulation for this, but it’s a good idea even for companies in unregulated industries.  
  • Make sure to consider your data backup needs.

5. Assess your storage options.

Figure out the kind and amount of storage you need and whether you should use tiers of various types of storage to accommodate different retention times or data types.

  • Object storage, one of the storage options at US Signal, offers easily accessible storage capacity that can be scaled with almost infinite capacity. It’s ideal for cost-effectively storing large quantities of data, including unstructured data.
  • File storage, which is also available at US Signal, offers unmetered data transfer in and out of the storage array and unparalleled security for data storage and transport.
  • Storing data on tape for years is typically cheaper than storing it in the cloud. It also uses less energy than disk storage. Like the public cloud, tape provides off-site storage. However, restore speed is slow. You shouldn't use tape for data that requires quick recovery.
  • Disk is more expensive but faster than tape. But it’s not cost-effective for storing data that needs long-term retention and probably won't be accessed.

6. Set up and implement your policy engine.

  • Include as many different fields as necessary to ensure you cover all data and use cases. Common ones include user, department, folder, file type, and data type.
  • Establish rules for retaining data and for moving it to different storage tiers, if required. Some data may need to be stored locally for fast access and availability. You may be able to move other data to lower-cost storage options depending on how long it needs to be stored and how often it will be accessed.
  • Determine if you want to use automated software to enforce the retention rules.
  • Include rules for disposing of data.
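A minimal sketch of how the rules in step 6 could be evaluated, added here as an example and not US Signal's software or any specific product. The rule names, field values, retention periods, and tiering thresholds are constructed for illustration and are not legal guidance.

```python
from dataclasses import dataclass
from datetime import date
from fnmatch import fnmatchcase

@dataclass
class Rule:
    name: str             # recorded with each decision so it can be documented
    match: dict           # field -> glob; fields as in step 6 (user, department, folder, ...)
    retain_days: int      # dispose once the item is older than this
    tier_after_days: int  # move to lower-cost storage after this many idle days

# Constructed rules. Order matters: the first matching rule wins,
# and the empty match at the end is the catch-all default.
RULES = [
    Rule("finance-tax", {"department": "finance", "data_type": "tax"}, 2555, 90),
    Rule("marketing-video", {"folder": "/shared/marketing/*", "file_type": "mp4"}, 365, 30),
    Rule("default", {}, 180, 60),
]

def select_rule(item: dict) -> Rule:
    """Return the first rule whose every field pattern matches the item."""
    for rule in RULES:
        if all(fnmatchcase(str(item.get(f, "")), pat) for f, pat in rule.match.items()):
            return rule
    raise LookupError("no rule matched; add a default rule")

def evaluate(item: dict, today: date) -> tuple:
    """Decide what to do with one item: (action, name of the rule applied)."""
    rule = select_rule(item)
    age = (today - item["created"]).days        # drives disposal
    idle = (today - item["last_access"]).days   # drives tiering
    if age > rule.retain_days:
        return ("dispose", rule.name)
    if idle > rule.tier_after_days:
        return ("move_to_lower_cost", rule.name)
    return ("keep_local", rule.name)

if __name__ == "__main__":
    # Constructed sample item: old finance data past its retention period.
    sample = {"department": "finance", "data_type": "tax",
              "created": date(2015, 1, 1), "last_access": date(2023, 12, 1)}
    print(evaluate(sample, date(2024, 1, 1)))
```

An item missing a field that a rule tests simply fails that rule and falls through to the default, so unclassified data still gets a retention decision instead of being kept indefinitely.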

7. Document everything. 

  • Whether for compliance purposes, your disaster recovery plan, or just for keeping your staff informed, make sure to document your data retention and disposal strategy.

Protect Your Data Too

The most well-thought-out data retention policy will do you no good if your data is stolen, corrupted, or simply unavailable. Make sure you also have a data protection strategy in place, including plans for disaster recovery, backup, and overall security.

Talk to US Signal

To learn how US Signal can help you evaluate your data retention and storage options, call 866.2.SIGNAL or email [email protected].