TORONTO, March 16, 2023 /PRNewswire/ - The amount of data organizations produce daily is staggering, and many IT leaders struggle to manage the ever-increasing volume. As a result, the unnecessary retention of sensitive data has led to a challenge in maintaining compliance obligations. As these issues continue to grow, organizations may find it challenging to identify where the greatest data risks lie. To help guide IT leaders in managing unstructured data sprawls and risks, global IT research and advisory firm Info-Tech Research Group has published its industry blueprint Build an Effective Data Retention Program.

"Data retention is a challenge for many organizations. Ideally, it would be great if the business could fully automate records retention and deletion and never think about it again," says Logan Rohde, senior research analyst at Info-Tech Research Group. "Even organizations that do data retention well are often forced to use some semi-automated or manual processes to adhere to their retention schedules. In other words, there is no perfect solution to resolve data-retention challenges once and for all."

The firm's research outlines how data retention requires full-time staff resources, but it often receives less than part-time hours. Thus, organizations do not have the resources allocated to validate whether the data retention schedule is being followed.

Info-Tech's data-backed blueprint suggests that the best approach to resolving the difficulties of building an effective data retention program is to identify the organization's retention requirements, develop a retention schedule, and then develop a risk profile for its data processes and types. While a retention schedule won't ensure retention-related risks are managed effectively, the key lies in identifying risky data and finding solutions to reduce them.

Effective data retention offers several benefits, such as reduced physical storage costs, by balancing retention requirements with the ability to purge unneeded data. It also provides increased insight into risky data processes, types, and repositories. To help organizations build an effective retention plan, the firm advises IT leaders to consider the following factors:

1. Requirements

Retention Laws and Regulations: Some laws and regulations will mandate retaining data for a minimum period, which must be reflected in the retention schedule.

Minimization Laws and Regulations: Laws like GDPR will force delete data once its usefulness has expired. Usefulness is an open-ended term but does not include indefinite retention.

Business Needs: Business needs are a broad category ranging from future R&D to retaining data with legal defense needs in mind. Regardless of the need, it carries a risk.

Data Types: For retention to work well, businesses need to bundle records based on similarity.

2. Governance

Successful data retention is closely linked with security governance, compliance, and data classification. However, most organizations struggle to establish a reliable data retention schedule without these guardrails.

3. Enforcement

IT leaders need to determine which data types carry the highest retention-related risk and prioritize data processes, types, and repositories that need retention-risk remediation tactics applied.

Info-Tech's blueprint advises that organizations be beware of conflicts in their obligations. Some regulations and laws dictate that data must be retained, while others demand that data be deleted once it is no longer in active use. Therefore, IT leaders need to make a judgment call regarding the right retention period, which should be done in conjunction with the legal counsel.

