Data Management Best Practices

January 11, 2022
Data Migration, Data Protection

Data Management Best Practices: Data Retention, Data Backups, and Data Archiving

There are many articles and blogs that discuss the rapid growth of data. There is far less regarding what to do with all that data. One thing we know is that some – maybe a lot – of that data must be retained for a certain period of time in order to meet regulatory standards like HIPAA, PCI-DSS, or GDPR. There’s also may be data that remains important to organizations and will be needed at some point but likely not for a long time.

That’s why data retention policies, which cover both data backup and data archiving, are key components of an overall data management strategy. A data retention policy helps ensure that the business backs up or retains/archives specific data for the appropriate amount of time.

 

Backups vs. Archives

It’s important to note that data backups and data archives are similar in that they both contain types of information that is important to an organization, but their functions differ.

A data backup is a copy of data that’s necessary for the workloads currently being run. If that data were lost or corrupted, it could result in business disruption and downtime. To avoid that, the data is copied from a primary location to a secondary storage location or device from which it can be easily and quickly be recovered in the event of a disaster, accident, or a malicious action.

Some organizations fail to backup critical data, leaving them vulnerable if a ransomware attack or other type of disaster occurred. Others back up too much data, making the data recovery process slow. Plus, unnecessary retention and full backups can consume expensive storage space and decrease network access speed.

Data archives are comprised of data that isn’t currently being used, such as legacy data and data that must be retained for historical, legal, or compliance purposes. It’s important but isn’t frequently used. This kind of data can be stored in lower-cost storage designed for long-term retention. Among the downsides to long-term storage is that it takes longer to find and recover data.

As part of an organization’s data management strategy, a data retention policy helps ensure that an organization retains or backs up the appropriate data for a suitable amount of time. It identifies the various types of data and specifies where it should be stored and for how long. It also covers how the data should be handled once the retention period has ended.

Free Download: Data Protection 101

 

Data Retention Best Practices

While the composition of a data retention policy will vary based on each organization’s business needs and requirements, there are several best practices that should be considered. Among them:

  • Identify the various types of data you have, where it resides, how it’s used, who has access to it, and its importance to the business.
  • Note what data must be regularly backed up, and incorporate your backup plan into your data retention planning efforts.
  • Determine the laws and regulations that govern your data retention requirements, as well as those specific to the various types of data you have.
  • Identify any business or operational requirements for retaining data longer than is legally required.
  • Establish retention requirements for each type of data, incorporating information from the previous steps. Although it might be tempting to operate with an abundance of caution and retain data indefinitely, doing so puts your business at risk. Excess data consumes valuable storage resources, slows down systems, and makes you vulnerable in the event of a data breach or security incident.
  • Specify what happens to data after the designated retention period ends. If data deletion will occur, be specific in terms of how and why.
  •  Assign storage locations/types for the data. Backups should be stored in a way that allows them to be quickly recovered. Archived data doesn’t require quick access so it can use lower-cost storage such as object storage.
  • Employ data cleansing to eliminate redundant data and correct errors. There’s no reason to spend money on storing duplicate data or data with errors.
  • Plan for how archival data will be handled, including any mechanisms for facilitating or automating the archival process, and who can access the archives, and under what circumstances.
  • Specify how both backups and data archives will be protected against corruption, theft, and accidental or intentional deletion.
  • Incorporate a plan for legal hold so that if data is subpoenaed, it won't automatically be deleted once it reaches the end of its retention period.
  • Be transparent. Let users and customers know what data you keep, how it’s stored, how it’s protected, and how it will be used. If appropriate, give them control over how their data is used.

 

More Resources

For additional information about data retention, data backups, and data archiving, take advantage of these resources:

7 Steps for Building a Data Retention Policy

Data Retention 101: A Basic Guide to What to Keep

Data Management: The Data Storage Dilemma

Immutable Object Storage

Data Protection Goes to the Cloud | Cloud-based Backup, Replication and Data Archival