NovaBACKUP Security Blog

Build a Relevant Data Retention Strategy

Data Backup Retention

Do you have a well-thought-out backup strategy with policies for the retention and archival of important data? Does your current data-retention strategy truly address your organization's current need and legal requirements or was it more of an afterthought? Possibly your data retention was even a process inherited from whenever original backup jobs were created, a time when your organization's restore needs might have been very different.

As simple as data retention may seem, factors such as the type of storage that you are backing-up to or the regulations your organization must comply with, could force your hand in creating a retention schedule that you would never have otherwise imagined.
( See our Blog Post Data Retention Best Practices )

Before constructing a strategy with policies for data retention, you should ask yourself the following questions:

1.) Does my organization have a legal obligation to comply with regulations for the retention of electronic business records for a specific duration of time?

Regulatory compliance such as HIPAA, FOIA, and SEC 17a-4 requires, among other things, that data be retained for a certain amount of time. For example, SEC 17a-4 requires that "Every member, broker, and dealer subject to §240.17a-3 shall preserve for a period of not less than six years, the first two years in an easily accessible place" (

Under this requirement, if the required backup data is equal to 1 TB of data per week, you would need a total of 312 TB of long-term storage space, 104 TB of which must be easily accessible, and 208 TB would most likely be offsite on tape storage. This regulatory compliance screams for a long-term, large-capacity, storage solution. So, an organization must ask, how much data can we store, and how long can we store it for?

2.) Are you backing up to Disk, Tape, Cloud Services, or a combination of mediums?

The most popular medium types are various forms of disk, tape for archival, and leveraging the cloud, for off-site protection. A disk can provide a fast, reliable near-term solution for backup data. However, for long-term storage of substantial amounts of data, tape remains an inexpensive and reliable medium. Tapes can be sent off-site for long-term storage and, they cost less to store than many cloud storage options. 

3.) Is the retention policy of your backup software associated to the “savefile” or your backup medium?

Don't get sold on whether your retention period is tied to a savefile (saveset) or a media pool. Just know that you should not keep data with different retention periods on the same tape. Why, because if you have data with a 30-day retention period on the same tape as data with a 6 years retention period, guess what? The 30-day data will be kept for 6 years. Not only is this inefficient but it might actually break regulations that call for the removal of private data when it is no longer required.

4.) Do you send backup media off-site?

Storing tapes off-site requires the ability to quickly track the data. If you are using a single tape device, this can become a labor of love. You will most likely maintain a spreadsheet with all the tape labels, date(s) written to, and status (off-site, scratch, etc.). On the other hand, a tape library, with the proper backup application, will provide the best solutions for tracking data whether it is on-site (in a library) or at an off-site location.

Remember, the purpose of backing up and archiving data, is to restore data when you need it; be careful because "the devil is in the details". These four considerations will aid in crafting a solution that meets the needs of your organization and ensures that you avoid any fines that may be levied for violating regulatory compliance. Once you’ve collected all of the detailed requirements for retaining your business-related data, you can implement a data retention plan with the confidence of knowing that you have protected your company and its data from all foreseeable threats.

To learn how to build a better backup strategy, download NovaBACKUP's Backup Strategy Guide today.

Works Cited - Financial Industry Regulatory Authority, Inc, 2014. Web. 27 Dec. 2017.
"The Transaction Log (SQL Server) | Microsoft Docs." Technical Documentation, API, and Code Examples | Microsoft Docs. N.p., n.d. Web. 27 Dec. 2017.