What are some data retention policy best practices?

Aside from regulatory compliance concerns, what factors should be considered when setting a data retention policy?

When developing a policy for data retention, it’s important to consider the reason why the organization is archiving...

data in the first place. Here are some data retention policy best practices to keep in mind

Before we get to those data retention policy best practices, keep these two questions in mind: Does the IT department need to free up space on some of the servers? Are the servers' contents becoming so cluttered that it's becoming increasingly difficult to locate data? These two questions have a major impact on the way the data retention policy should be constructed.

With those two questions in mind, one of the first best practices to keep in mind is knowing what data needs to remain live, and what data should be archived. Typically, this determination is going to be made based on data age, but not always. In some cases, it is important to also examine criteria such as when the data was last accessed, and the data type.

Suppose, for example, an organization has plenty of free space on the file server, but they want to cut down on some of the clutter. With this goal in mind, they decide to create an archive policy that moves anything older than five years to the archives, and then deletes anything more than 10 years old.

Although this might sound like a reasonable approach to creating a data retention policy, it may have unwanted consequences. For example, what happens if a spreadsheet was created six years ago, but is regularly updated? If the data retention policy only looks at the creation date, then the spreadsheet would be archived even though it is regularly used. It tends to be much more effective to base a retention policy on the last access date rather than the creation date.

Data retention policies can also backfire in other ways. Let's say 11 years ago your organization signed a 15-year lease for its office building. In all likelihood, nobody has looked at the document in the last 10 years, but is it really something you want deleted?

The point is, data retention policies are not something to take lightly, and it is important to consider the long-term consequences of implementing a policy.

Next Steps

How to develop and enforce an electronic data retention policy

Building an effective Exchange data retention policy

Establish a geographical data retention policy

What retention tools should an Office 375 admin use?

This was last published in October 2014

Dig Deeper on Backup and recovery software

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.