3 min read

Storage Smarts

Between employee information, customer payment numbers, internal files or the reams of e-mails you send and receive, your smaller business' data is vital to its existence. But data retention is not just about what you store, but how you store it
There aren’t a lot of hard and fast rules for smaller businesses when it comes to hanging on to data. Just be sure that when you destroy it, you destroy it thoroughly.

Every business needs to set data retention policies that make sense for it and its industry. For example, if you sell products with a lifetime warranty attached, you may need to retain customer records indefinitely. When it comes to payroll records, The Fair Labor Standards Act requires employers to keep them for at least three years. Financial records should be kept until any chance of an audit has passed; 10 years isn’t an unreasonable amount of time.

Data Retention Needs Some Consideration
Brian Dykstra and Keith Jones, 38 and 32, respectively, see data retention issues from a lot of different angles. Their Columbia, Maryland-based company, Jones, Dykstra & Associates, supplies computer forensic, e-discovery and litigation support and computer security training services. "We handle a tremendous amount of sensitive data," says Dykstra. His company does a quarterly inventory of the data it keeps on hand and checks with its client companies annually to see if they want their data returned, saved or destroyed. That’s a smart policy for any company that has to handle sensitive client information. Dykstra and Jones’ data handling smarts helped push 2007 sales to $2 million.

It’s not just about what data you store, but how you store it. According to Dykstra, "Hard drives fail. If we have to hold data for more than six months, we transfer it to tape." Those tapes are then kept in a locked, fireproof storage area. Dykstra values the long-term storage capabilities of tape, but they are also easy to deal with when it’s time to wipe out the data on them. A simple and effective degaussing process is performed right there in the office. Hard drives are notoriously more difficult when it comes to destroying data. Just deleting a file doesn’t cut it. A variety of data destruction programs are available, but look for a program that meets Department of Defense standards. Sensitive paper data should be kept in a locked, limited-access area. A high-quality shredder can handle destruction duties.

Outsourcing is also a powerful security tool, as it takes a lot of the hassle of security and archiving off your hands. Jones, Dykstra & Associates’ accounting, e-mail and payroll are all handled by outside service providers with extensive security systems of their own. The company pays an additional fee to its e-mail provider to archive e-mails. That way, there is no question of whether to keep or delete e-mails. Setting specific data handling policies, both for retention and disposal, is a must for your business.

See more stories from

Amanda Kooser is assistant technology editor at Entrepreneur Magazine.