Quick, look at your data. Like, really look at it.
Companies and organizations with an interest in data retention management have a lot of options for how to take care of their information, but no clear defining standard. That’s the kind of thing that makes Andrea Simmons, a data-management consultant based in the UK, sympathetic to teams making decisions about their data.
“If something goes wrong, you’re going to need to have records,” she told IT Brew, adding, “If you’re gonna have to rebuild your business, then the difficulty there is you need everything from your incorporation documents at the start of the business, which could be 20-plus years old, and your current contract, and what you [are] supposed to be working on.”
Conflicting advice. There’s no universal standard to how long to keep data or why, and companies and organizations may have multiple reasons to keep data longer than necessary.
Simmons sees the issue of retention as, broadly, split between operational and legislative concerns. The latter has a “plethora of available signposting as to how long you should be keeping stuff” that can be confusing. But some basics are there for a reason.
“You can’t go wrong if you retain core business records for seven years, because it’s usually six-plus-one from a financial standpoint,” she told IT Brew.
Logan Rohde, an analyst with Info-Tech Research Group, said that while seven years isn’t a standard, it’s a general recommendation that is going to “keep you compliant enough to avoid problems on that side, and keep you on the right side of data risk on the other.” Ultimately, it’s a bit of smoke and mirrors, he told IT Brew, because there’s no one-size-fits-all solution.
“This is becoming a more and more complicated space because of the increase in privacy regulations and the general public’s awareness of privacy concerns,” Rohde said.
Top insights for IT pros
From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.
Securely fastened. Issues facing data retention management professionals, be they experts or just members of IT teams, aren’t sexy or particularly interesting. They’re simply the result of the day-to-day administration of a company’s IT needs. But take a broader view and you’ll see a more complex picture, Simmons told IT Brew, one that has multi-layered solutions. Combine that with the naturally relaxed attitude many staffers have toward IT and you could be looking at disaster.
“Don’t be uploading your source code to ChatGPT to see if it’s okay,” Simmons said. “People are going to start exposing their businesses even more by sharing more data.”
Companies and organizations who may have more complicated and ambitious goals may need to employ levels of data risk that security teams are less inclined to take on.
“There may be motivation on the business side of an organization to retain certain data types in the anticipation that it may serve them well in the future depending on how product lines get developed, or whatever product or service you provide, you might be able to mine that data for certain insights,” Rohde said.
But holding onto sensitive data comes with risks, he told IT Brew. IT teams need to classify the data and assess the retention policies against the benefits of keeping it. “There’s always that balance between how much risk is acceptable to take on and what is the benefit of doing that,” Rohde said.
“You could look at this in terms of an opportunity that exists within the data that someone is holding. However, that opportunity is always going to be theoretical.”—EH