The first goal of document retention policies is to make sure employees retained all company emails, texts, chats, and voice messages. The new goal is to make sure your policy includes a plan for getting rid of all that same information in a timely manner. Legal circles call it ‘defensible deletion’.
Bob Dibert, an attorney at Frost Brown Todd, recommends that companies put a new emphasis on data minimization with their retention policy. he states “The FTC Consent Order requires the business to make such an inventory and deletion at least annually.”
Last fall, the Federal Trade Commission sanctioned a data warehousing and management business for keeping–and then losing through a data breach–consumer data that should have been deleted because it was no longer needed.
To balance data minimization with requirements to preserve legally significant information, Dibert suggested that companies establish both a retention and secure disposal schedule for each communication channel and make sure that each schedule complies with applicable statutory or regulatory requirements.
The challenge with that requirement, according to Alaap B. Shah, a member of the Epstein Becker Green law firm, is understanding which governmental rules apply to which documents. He recommends starting with a robust data mapping and classification exercise to identify what kind of information is subject to what rules. “Companies can start to think critically about how to categorize those data, what rules or business needs may apply, and set retention and destruction schedules,” he said.
Where to start? Let InfoDNA Solutions bring their expertise and technology – Topla – to help identify and assess where to start the effort. Bring the ability to look across all your repositories – rather they are formal document stores or just network drives – and help decide what is important and how to better manage it moving forward.