Using Policies to Set the Foundation of Data Retention
A data retention policy is key to preventing critical data from being accidentally or intentionally deleted. A well-written policy spells out what data must be protected, how it should be archived and for how long it must be kept.
Comprehensive policies address data on employees’ personal devices as well as content that is accessed via external sites. The policy is implemented through document lifecycle management processes that cover not only data retention but also e-discovery, compliance, data destruction or archiving, and access controls and monitoring.
In the past, it often fell to administrators or individual users to determine what should be retained. They would have to go through each email, instant message or chat message and decide on its relevance.
With NARA’s role-based approach to managing data retention, known as Capstone, federal agencies can now schedule emails and messages as permanent for transfer to the National Archives based on certain roles or positions (generally those at the top of the organizational chart). This makes managing records more efficient.
The Importance of Employee Training in Agency Culture
People are, as always, a vital factor in retaining data and handing it over when they leave. Each agency must instill a culture of compliance from the very start of a person’s employment, include the retention policy in new hire onboarding and request acknowledgment that the employee understands the policy.
Periodic refresher training will keep retention top of mind. Posting the data retention schedule online and promoting it adds to employees’ ease of use, as can clear guidelines on what steps users should take to manage content.
The right tools can automatically determine what needs to be kept or help people make informed decisions. For example, the Rubrik Security Cloud, built on zero-trust architectural principles, can perform automatic data discovery based on rules to secure enterprise, cloud and Software as a Service–based data.
This tool’s Service-Level Agreement Retention Lock capability helps ensure that unauthorized people cannot change retention policies or delete archival data. Archived data is encrypted and immutable.