For some businesses, the space between how they define their information retention policy and how they implement it can greatly affect the way they manage their electronically stored information. A recent survey has found that there’s a significant gap between the beliefs and practices of companies with information retention plans. Issues range from insufficient implementation of information retention policies to trouble recovering information once the need arises. For instance, NYC’s Educational Department failed to respond to 526 public records requests between 2014 and 2017. Not surprisingly, the biggest stumbling block for companies seems to be the cost of maintaining and executing a successful email and social media retention plan and the feeling of “falling into a black hole” when faced with an information request.
Sloppy Policies More Common Than You Think
After 2012, the number of failed information requests rose to almost 30%. This can create problems when a company faces an eDiscovery request but is unable to comply due to a poorly implemented or non-existent information retention policy. Failure to answer to information requests can result in fines, sanctions, bad reputation and public backlash. Being prepared to handle information requests is important for many reasons, with litigation, internal investigations and public information (FOI) requests being the major ones. Which information to retain and which to delete is a question that plagues a large number of organizations. Many companies report that they are also preserving more information than is necessary. Almost 40% of the data retained by these companies was being kept unnecessarily, which can greatly complicate and reduce the efficiency of responding to an information request.Failure to answer to information requests can result in fines, sanctions, bad reputation and public backlash. Click To Tweet
Key Policy Recommendations
One of the key recommendations is the need for companies to get a grip on their information retention plans. There needs to be a clear plan for deletion of information so that companies can expunge the unnecessary data with confidence. It is recommended that companies of all sizes, both large enterprises and SMEs address their information retention needs by implementing a dedicated information archiving solution.
The Road to Retention Policy
Not sure where to start with the creation of your information retention policy? Here’s a short guide that highlights the major initiatives.
1. Create the Policy
The trickiest first step. And if you’re still wondering whether your organization really needs to have an information retention policy, the answer is a resounding yes, regardless of which vertical you belong to. The decision to let your employees decide which emails to save and which to purge will probably come back to haunt you when auditors, lawyers or compliance authorities knock at your door. Creating a retention policy is not difficult in itself. However, only if you tailor it to suit your specific needs and requirements and help you respond to your biggest challenges will it prove to be truly valuable.
2. Include Content Other than Email
Although 75% of information contained in email is considered critical to business operation, not all electronic content today is email. Organizations need to understand that the information that flows through alternative channels like social media and mobile messages is equally important. Map out all your official social media channels and appoint staff members who’ll be in charge of posting and engaging in discussions on social networks. Make sure you document the process. Peruse the regulations that apply to your industry. Check how your employees are using personal and enterprise-issued phones and include mobile communications in your policy.
3. Define Retention Periods
This is probably the most critical step in your policy creation. Again, make an effort to understand the often convoluted legalese and interpret the relevant regulations. You’ll typically have different retention periods based on the document type and the laws that mandate its retention. Unsurprisingly, the central email retention problem is the potential for important electronic records to be deleted. For this reason, your policy needs to contain strict guidelines regarding the deletion of business email, social media and mobile communications.
4. Invest into an Archiving Solution
There’s no better way to rein in your enterprise information, observe all federal, state and industry regulations (including data privacy laws) and provide relief to your IT and compliance departments than to invest into archiving technology. In order for any record to be used for audit, litigation and compliance purposes, it needs to be stored securely, inalterable (and undeletable), be searchable and have audit trail. Archiving solutions do all these things with all unstructured information ‒ email, attachments, social media, mobile calls and texts etc. In archiving, data is automatically captured, together with associated metadata (e.g. time and date of posting), and is then indexed and made searchable. Vital options such as legal hold and audit trail allow you to retain data indefinitely (often necessary when anticipating litigation) and check who accessed a particular record and what actions they performed. Finally, the expunge option allows your admins to delete all communications that are considered obsolete i.e. after a particular retention policy expires. The beauty of automation lies in the peace of mind that comes with knowing that every record is retained accurately and consistently.The beauty of automation lies in the peace of mind that comes with knowing that every record is retained accurately and consistently. Click To Tweet
5. Preach the Policy
Once you’ve established a retention schedule and developed a proper archiving strategy, train your staff. Many companies believe that automating the records retention process means training is not necessary. The staff still needs to be trained on the general concepts of records retention and learn how to use the archiving solution. Communicate the retention rules to staff and include the retention policy in the employee handbook for all new hires.
6. Revise the Policy
Compiling a list of rules and sticking to them is great, but don’t forget to revise your policy once in a while. Only a policy that is constantly updated will be successful in the long run. If you’re already archiving email, but doing nothing about social media or mobile communications, review your policies to reflect the current legislation.
If you’d like to learn more about information archiving with Jatheon, contact us or see the archiving process for yourself by scheduling a personal demo.