Data retention isn’t about keeping all of your data. It’s knowing what to keep and what to delete permanently.
Whether you’re a small business or a corporate enterprise, developing a data retention policy is crucial for cost management, liability, and keeping processes running smoothly. When it comes to electronic data, exactly how much are you supposed to keep and what files should be deleted? In the age of unlimited cloud storage, it may sound like a good idea to “keep it all,” but this can lead to lost data, data hoarding, and disorganization. Here are the basics of data retention, no matter how much data you store.
Data retention largely depends on state and federal laws.
Securities brokers and dealers are required to retain all business-related communications for three years, the first two years in an accessible format. All businesses must retain federal payroll tax records for at least four years from the date the tax is paid. Federal guidelines may conflict with state retention guidelines. In this case, follow the most conservative.
Electronic data retention follows the same retention rules as paper documents.
Many businesses use electronic imaging to store and retrieve electronic records. This involves a higher initial cost with labor and imaging services but saves on storage fees, protects against loss and damage, and allows for faster recovery and sharing of information. You should hang onto bank statements for a period of 3 years if you’ve been audited by the IRS. As far as tax returns are concerned, the IRS suggests that you “keep records for 3 years from the date you filed your original return or 2 years from the date you paid the tax, whichever is later.”
How you store your data is crucial. Who has access is even more important.
Just as you would organize paper files, electronic files need a filing system for easy retrieval and efficiency. Make a policy about which records are private with limited access to internal employees, current or prospective supervisors, and which are confidential to only limited staff.
When it’s time to clean up, destroy the data.
Businesses should regularly schedule paper shredding services once documents exceed the approved time limit. For paper destruction, use an outside agency with an approved record destruction program including the shredding of confidential documents. For digital records, your safest course of action is to use a hard drive destruction service.
One of the most difficult issues involved in the retention of data is knowing how long the data must be retained. While it may seem attractive to store it all in the cloud, make sure you’re only keeping what you need, have a digital filing system in place, and destroy anything that is no longer useful.
- Have Hard Drives To Get Rid Of? Here’s How To Do It Safely
- Data Hoarding? Shred Those Drives and Unused Documents
- Heads Up, Small Businesses: Take Your Data Security Seriously