Preparatory steps:
Data retention refers to your company's policy regarding how long retention data will be stored and/or archived as well as removed when no longer required, to meet legal, operational, and regulatory compliance.
Today, it is important for organizations to remember to not store data longer than what is required. According to the Information Systems Audit and Control Association (ISACA) journal written by Lorrie Luellig, J.D., and Jake Frazier from IBM, “A lack of insight into what information needs to be kept, has led many organizations to accumulate mountains of electronically generated debris in the form of excess applications, servers, storage and backup tapes that no longer have any utility.”
According to a recent IDC report, the amount of data stored globally is doubling every four years. It is expected to reach 8.9 ZB by 2024. Yet a surprisingly small percentage of this data is considered business critical. The exponential growth of data collection has created a problem as a vast majority of data (dubbed "dark data") sits unused. It's generally unseen by users as it may be unstructured and disorganized. It may create unnecessary costs in terms of resources that could be better focused in more important areas. In a survey of corporate CIOs and general counsels conducted at the Compliance, Governance and Oversight Council (CGOC)1 summit, it was found that 69 percent of all the data collected and maintained by most organizations had no business, legal, or regulatory value at all.
While regulatory compliance is often cited as the reason for dark data, the truth is that an overabundance of dark data may be caused by data mismanagement, poor communication, or a data-hoarding mindset. Dark data also represents risks beyond just unnecessary costs. With new data regulations appearing (GDPR, CCPA, etc), the need to remove specific data over time is also necessary to maintain compliance.
So it's time to get a handle on this "dark data". Understanding what your organization is working with through mapping and classification of your retention data is the first step. Classifying the data that you are collecting is a matter of law (GDPR). It's wise to compare the legal regulations that you are required to uphold to understand their similarities and differences. Your classified data sets can then be assigned a risk level, and through the identification of your minimal requirements, a policy for this data can be created.
To purge redundant, and identify irrelevant data, we must have a data retention strategy. It's time to define what retention data will be retained for how long, and at what point it will be removed. This policy directly affects your backup jobs and must be supported in the features of your backup solution.
NovaBACKUP makes it easy to implement your data retention policy through our backup software solutions. You can set up a custom data retention schedule so that only necessary backup data is stored. As every business is different, software flexibility to fine-tune adjustments is important. You can select how many valid backups to keep and for how long. Select what types of backups you wish to retain (file backups, image backups, incremental and differential backups). A few good rules of thumb to follow regarding your data retention include:
To defend against cyber threats like ransomware, multiple copies of data are often required. Using NovaBACKUP's data retention functionality gives backup administrators direct control over what backup data is retained and for how long. You can meet your business, financial, legal, and regulatory needs for data retention with fast, efficient software and a few good policies. Speak to one of our backup experts today to assist with your data retention strategy.
1Lorrie Luellig, J.D., and Jake Frazier, J.D. "A COBIT Approach to Regulatory Compliance and Defensible Disposal." https://www.isaca.org. ISACA JOURNAL, VOLUME 5, 2013. Web. 26 SEP. 2014.