Skip to main content
PTS | Data Retention Policies and Processes: A Critical Defence Against DLP Breaches

Data Retention Policies: Essential Defence Against DLP Breaches

Organisations often struggle with the ever-growing mountain of data they accumulate. We’ve spoken with numerous CTOs who echo what we see in the news: enterprise data storage needs are skyrocketing, anywhere from 30% to 100% annually. This leads to a constant cycle of purchasing more hardware or expanding cloud subscriptions.

PTS | Data Retention Policies and Processes: A Critical Defence Against DLP Breaches

The Risks of Unstructured Data

Recently, we tasked a client with running a simple query on their unstructured data files to determine the percentage that hadn’t been opened in three years. The results were startling: over 60% hadn’t been accessed, with the oldest file dating back to 1998!

This highlights a major challenge for organisations that haven’t prioritised file management and governance. Even with access controls in place, having millions of files in open storage is a significant data loss risk. And it’s not just an IT problem. The business departments own the data, and only they truly know if it’s still needed (even if it hasn’t been touched in years – think about those long-term customer agreements).

Proactive Approaches to Data Retention

1. Identify Department Needs: Work with each department to understand their specific data retention requirements

2. Archive or Delete Unnecessary Data: Data that’s no longer needed but must be retained should be archived. Unnecessary data can be deleted.

3. Schedule Regular Maintenance: Implement a quarterly (or more frequent) archive process. This keeps your active data stores lean and secure while significantly reducing storage costs.

PTS | Data Retention Policies and Processes: A Critical Defence Against DLP Breaches
PTS | Data Retention Policies and Processes: A Critical Defence Against DLP Breaches

How Long Should You Retain Data?

Start with a conservative number, like 10 years. You can then gradually reduce it until the business is comfortable. Remember, different departments may have different needs. We worked with a company where some departments ended up archiving data after two years, while others maintained the company policy of five years, which met their specific business needs.

Why Data Governance is Key to Data Retention Success:

Good data governance is a set of agreed principles that helps organisations to manage data through its lifecycle.

Having clear policies, streamlined processes, and dedicated personnel focused on data governance is essential for any organisation’s future.

PTS | Data Retention Policies and Processes: A Critical Defence Against DLP Breaches
PTS | Data Retention Policies and Processes: A Critical Defence Against DLP Breaches

The Importance of Efficient Restoration Processes:

If you need to recover archived files, the process should be fast and efficient (hours, not days). A clunky restoration process can discourage archiving, so make sure your tools and procedures are up to par.

They’ll save you money in the long run.

Let’s Discuss:

We’d love to hear about your experiences with data retention policies. What challenges have you faced in implementing or managing them within your organisation? Let us know if we can assist you with your data retention strategy.

PTS | Data Retention Policies and Processes: A Critical Defence Against DLP Breaches