This page contains a Flash digital edition of a book.
14
Data retention – balancing
business with IT
Over the past few years we have been conducting research on the topic
ECTIVES
of data retention in medium and large organisations across the globe.
Some particular themes have emerged, notably what makes a good data
ERSP retention strategy, and how to go about implementing it in practice.
By Jon Collins, Freeform Dynamics.
To kick things off, we should examples however, in HR regulations and guidelines as
RETENTION P
be clear what we mean by some personnel records need a challenge – particularly
T
A ‘data retention’. There are to be retained up to an age of given the volumes of
DA
multiple kinds of information 75; meanwhile, other data information that need to be
retention requirement: those protection law such as PCI retained. Part of the headache
which are industry specific, used in financial services, can is due to the sheer amount of
those dictated by stipulate “no longer than is information that needs to be
local/national regulations and absolutely necessary” for retained – equating to over
those which are commonly card-related information. half of all information for 30%
applied across international of our respondents.
boundaries. There are of A shared feature of all these
course multiple combinations types of requirement, For existing data it can be
of these, depending on where according to our research, is difficult to retrofit regulations
your organisation does that the information to what has already happened
business and with whom. management obligations they in the past. “Keep everything”
drive cause real headaches for has all-too-frequently been
As regulations tend to be many organisations. You don’t adopted as a policy, and
aimed at business and not IT, have to be a rocket scientist although this may not be
your organisation’s lawyers to think up scenarios where strategically or indeed legally
would be a good starting conflicts could arise in sound it can be operationally
place to help you understand regulatory requirements, so it difficult to consider
what you should be retaining, is no wonder that some of our alternatives. We know from
and how. To give some respondents saw such our research that this
approach is still prevalent in a
good 40% of organisations.
We also found that another
25% don’t have an
information retention policy in
place at all. While we suspect
this picture may have
improved somewhat in the
light of the HMRC data breach
and other such news, we
doubt there has been much of
a sea change.
Whatever policies or ‘non
policies’ are in place, they are
JUNE 09 WWW.SNS-UK.CO.UK
Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40
Produced with Yudu - www.yudu.com