Why cloud data retention policies matter?

cloud data retention

If you thought that once you moved all your data to the Cloud, you’re set for life, think again. The general understanding of the Cloud is that of an ever-expanding expanse of space where one can store large volumes of data for an unlimited period of time. While this is not entirely untrue, there are Cloud applications that follow certain data retention policies which mean that your data will be deleted after a specific point of time.

So, what are data retention policies and why should you make a note of these?

Data retention policies are formulated to not just store but also to organize the information so that it can be easily searched for and accessed at any point in future. The other side to this objective is to get rid of data that has outlived its usefulness.  Hence, it becomes important for businesses to understand the policies to avoid getting caught unaware and dealing with the complexities of losing sensitive and important data.

While data loss on the Cloud happens due to a variety of reasons (like hacking, intentional deletion, a software malfunction, etc.), deletion due to human error tops the chart. Most businesses wrongly assume that data on the Cloud has a permanent life and even if it gets wiped off from an application, intentionally or otherwise, can somehow be retrieved.

Cloud applications delete the data permanently after retaining it for a specific period of time.  For instance, a glance at the guide on Cloud retention policy will tell you that data deleted from Google Drive is not backed up on Google Apps for work.  Gmail purges the deleted emails from the trash folder after 30 days. These are the fine print and important details that organizations need to take cognizance of.  

What data are we talking about here?

Before we get into the finer details of why such policies need to exist in the first place, let’s understand the definition of data here.  Data is a broad concept here that includes any kind of information. These could be all the emails, all forms of attachments, spreadsheets, files, folders, all forms of documents, image files, financial, marketing and inventory records etc. Although this is not an exhaustive list by any means, it is to give you an idea of what could be termed as data. As we can see, it encompasses just about anything that contains business-related information.

What is the idea behind retaining data for a specific period of time?

The most logical and foremost of all reasons is that the organization is better equipped to handle customer queries, provide back-dated information in case of financial audits and also to be able to lay out a comprehensive financial record of the company during business deals. A company that can boast of a clean track record is also an automatic favourite with investors and customers alike.  Since a lot of data is also electronic, having a back-up of all the digital information not only conforms to a good policy but also doubles up as a disaster recovery measure.

Apart from the above reasons, there is a legal angle to retaining records too. Data preserved serves as a safety net in case of a litigation. Companies need to show various kinds of documents during a discovery process and at such times robust data retention policies will stand in good stead. As a corollary, there can be instances of firms maliciously deleting records for this very purpose!

While policies could differ from one organization to another depending upon the nature of business and size, certain industries have to toe the line specified by the respective regulatory bodies in terms of retaining data for a mandated period of time. For example, the HIPAA (Health Insurance Portability and Accountability Act) requires that the healthcare companies preserve data for at least 6 years.  Likewise, the tax records for the purpose of IRS audits need to be maintained for 6 years.

What are the factors to be considered before framing the policy?

Framing data retention policies can be a complex task as several factors play an inter-connected role. Writing a good policy involves but is not restricted to:

  • Collecting and compiling vast and varied amounts of data
  • Framing a different set of policy for each of them as required by law or otherwise
  • Understanding and determining any risk of litigation
  • Specifying a comprehensive list of data that needs to be stored, their format, and the time-frame(s) until when they will be retained.
  • Identifying who’ll be in charge of deleting the data and defining how the data needs to be purged
  • Bringing the employees under the scope of scrutiny to thwart any illegal deletion of data by users
  • Having an effective deterrent in place in case of violations
  • Steps to be taken in case of violation
  • Periodical review of policy

Data retention policies have given way to backup Cloud solutions like E-folder Cloud for data stored in certain applications like Google Apps, Salesforce, Office 365, etc.

We hope you find this information useful and are well-equipped to deal with your data on the Cloud. Feel free to share your thoughts.

Author : Uma Chellappa Date : 03 Dec 2015