How to properly protect and retain data
Are there any best practices for creating a records and/or data retention policy? High turnover causes "brain drain" and loss of completed work because users store information on their hard drives or in their email.


This is a common concern for many organizations, and it requires a few solutions that work together. Although your question pertains to an organization's intellectual property, you may also need to look at this issue from a regulatory perspective. Different regulations require organizations to retain certain types of records for specific amounts of time. Therefore, there is not only the threat of losing work that the company has paid to be completed, but also penalties for being non-compliant with certain laws and regulations. Not properly protecting data can also bring about lawsuits and potentially criminal offenses. However, because the crux of this question is about productivity degradation, let's examine it from this perspective.

One of the best ways to handle this situation is to create a holistic backup solution. In many software development environments, programmers must save their work to a central source save database, which is usually backed up each night. This ensures that work is not lost if a hard drive fails.

You could also set up automated backup jobs to back up specific directories on servers and workers' workstations. This can occur each night or every Friday night, depending on what makes sense for your organization. With this approach, an organization would retain a good amount of data that can potentially be used if an employee leaves the company. It would be wise to include a clause in your policy that informs employees that if they want to access a Web site, they will have to physically sign or click 'Yes.' Doing so will help you avoid someone claiming to have had an expectation of privacy. You should also consult with your legal counsel when creating this policy to make sure your company is properly protected.

Another more costly approach is to implement a storage area network (SAN). Companies usually implement SANs because they have a lot of data to store and keep track of, not because they are afraid of the data leaving the organization, so this could be overkill for your needs.

Finally, your organization can look at various data backup solutions, SANs, email archiving systems and electronic content management repositories.

If you're interested in learning about email archiving, visit our sister site SearchSMB.com to read the tip, Top 10 best practices for email archiving:

  • http://searchsmb.techtarget.com/tip/1,289483,sid44_gci1159997,00.html

To learn more about data retention and archiving, please review the following Web site:

  • http://www.complianceresources.org/solutions/record_retention.html

Although there isn't necessarily a standard on how to write a retention policy, the following SANS paper provides some direction and a template:

  • http://www.sans.org/rr/whitepapers/backup/514.php

The following are some example policies:

  • http://www.pitt.edu/~provost/retention.html
  • http://www.olemiss.edu/depts/telephone_exchange/Records/RECORDS.htm
  • http://process.umn.edu/groups/ppd/documents/policy/record_retention.cfm
  • http://www.dartmouth.edu/~osp/resources/policies/dartmouth/dataretention.html

For More Information:

  • Create an effective storage security policy.
  • Learn how to create and manage security policies.

This was first published in June 2006