Problem solve Get help with specific problems with your technologies, process and projects.

How to properly protect and retain data

Improperly securing, and storing, data can lead to a plethora of problems, including productivity degradation and non-compliance. Learn how to properly protect, and retain your corporate data in this security management Ask the Expert Q&A.

Are there any best practices for creating a records and/or data retention policy? High turnover causes "brain drain" and loss of completed work because users store information on their hard drives or in their email.
This is a common concern for many organizations and it requires a few solutions that work together in a synergistic manner. Although your question pertains to an organization's intellectual property, you may also need to look at this issue from a regulatory perspective. Different regulations require organizations to retain certain types of records for specific amounts of time. Therefore, there is not only the threat of losing work that the company has paid to be completed, but also penalties of being non-compliant to certain laws and regulations. Not properly protecting data can also bring about lawsuits and potentially criminal offenses. However, because the crux of this question is about productivity degradation, let's examine it from this perspective.

One of the best ways to handle this situation is to create a holistic backup solution. In many software development environments, programmers must save their work to a central source save database, which is usually backed-up each night. This ensures that work is not lost if a hard drive fails.

You could also setup automated backup jobs to back up specific directories on servers and workers' workstations. This can occur each night or every Friday night depending on what makes sense for your organization. With this approach an organization would retain a good amount of data that can potentially be used if an employee leaves the company. It would be wise to include a clause in your policy that informs employees that if they want to access a Web site, they will have to physically sign or click 'Yes.' Doing so, will help you avoid someone claiming to have had an expectation of privacy. You should also consult with your legal counsel when creating this policy to make sure your company is properly protected.

Another more costly approach is to implement a storage area network (SAN). Companies usually implement SANs because they have a lot of data to store and keep track of, not because they are afraid of the data leaving the organization, so this could be overkill for your needs.

Finally, your organization can look at various data backup solutions, SANs, email archiving systems and electronic content management repositories.

If you're interested in learning about email archiving, visit our sister site SearchSMB.com to read the tip, Top 10 best practices for email archiving:

  • https://searchcio.techtarget.com/tip/Top-10-best-practices-for-email-archiving
  • To learn more about data retention and archiving, please review the following Web site:

  • http://www.complianceresources.org/solutions/record_retention.html
  • Although there isn't necessarily a standard on how to write a retention policy, the following SANs paper provides some direction and a template:

  • https://www.sans.org/rr/whitepapers/backup/514.php
  • The following are some example policies:

  • http://www.pitt.edu/~provost/retention.html
  • http://www.olemiss.edu/depts/telephone_exchange/Records/RECORDS.htm
  • http://process.umn.edu/groups/ppd/documents/policy/record_retention.cfm
  • http://www.dartmouth.edu/~osp/resources/policies/dartmouth/dataretention.html
  • For More Infomation:

  • Create an effective storage security policy.
  • Learn how to create and manage security policies.
  • This was last published in June 2006

    Dig Deeper on Information security policies, procedures and guidelines

    Start the conversation

    Send me notifications when other members comment.

    Please create a username to comment.