Every business needs to set data retention policies that make sense for it and its industry. For example, if you sell products with a lifetime warranty attached, you may need to retain customer records indefinitely. When it comes to payroll records, The Fair Labor Standards Act requires employers to keep them for at least three years. Financial records should be kept until any chance of an audit has passed; 10 years isn’t an unreasonable amount of time.
Data Retention Needs Some Consideration
Brian Dykstra and Keith Jones, 38 and 32, respectively, see data retention issues from a lot of different angles. Their Columbia, Maryland-based company, Jones, Dykstra & Associates, supplies computer forensic, e-discovery and litigation support and computer security training services. "We handle a tremendous amount of sensitive data," says Dykstra. His company does a quarterly inventory of the data it keeps on hand and checks with its client companies annually to see if they want their data returned, saved or destroyed. That’s a smart policy for any company that has to handle sensitive client information. Dykstra and Jones’ data handling smarts helped push 2007 sales to $2 million.
It’s not just about what data you store, but how you store it. According to Dykstra, "Hard drives fail. If we have to hold data for more than six months, we transfer it to tape." Those tapes are then kept in a locked, fireproof storage area. Dykstra values the long-term storage capabilities of tape, but they are also easy to deal with when it’s time to wipe out the data on them. A simple and effective degaussing process is performed right there in the office. Hard drives are notoriously more difficult when it comes to destroying data. Just deleting a file doesn’t cut it. A variety of data destruction programs are available, but look for a program that meets Department of Defense standards. Sensitive paper data should be kept in a locked, limited-access area. A high-quality shredder can handle destruction duties.
Outsourcing is also a powerful security tool, as it takes a lot of the hassle of security and archiving off your hands. Jones, Dykstra & Associates’ accounting, e-mail and payroll are all handled by outside service providers with extensive security systems of their own. The company pays an additional fee to its e-mail provider to archive e-mails. That way, there is no question of whether to keep or delete e-mails. Setting specific data handling policies, both for retention and disposal, is a must for your business.
See more stories from Entrepreneur.com
Amanda Kooser is assistant technology editor at Entrepreneur Magazine.