Companies need to clearly define data retention and deletion policies

One third of IT departments are putting their business at risk by failing to have data retention policies in place, according to Peter Groucutt, managing director of Databarracks.

  • Thursday, 19th December 2013 Posted 11 years ago in by Phil Alsop

The results, taken from Databarracks’ annual Data Health Check report, which surveyed over 400 IT professionals from UK-based organisations, highlighted that despite 94 per cent of respondents being confident in the effectiveness of their current backup solution, there still exists a disconnect when it comes to data retention and deletion policies.


A key driver behind this is the progression we’re seeing in the data backup space, says Groucutt: “Backup methods are evolving as the use of tape continues to decline rapidly. Our research indicates that only six per cent of organisations use just tape to backup and store data. This is in contrast to disk-based and online backup, which continues to increase in popularity.”


Groucutt goes on to explain that a renewed emphasis is needed on compliance with data retention and deletion policies, as the shift towards online backup continues: “Without strict data retention and deletion policies, many businesses will not be compliant – but this isn’t the only backup related headache revealed by the Data Health Check. Schemes like BYOD are growing in popularity and are causing problems for the IT department, with over half of our respondents reporting that end-point devices are the most challenging to backup. Organisations need to realise how risks to their business will evolve over time, in order to identify weaknesses and maintain watertight security.


“Governance plays an increasingly important role in cloud environments when outsourcing to third party service providers. Organisations need to be aware of the data security and retention regulations that could affect the way in which they store their data.


“As our research reveals, one third of participants either do not have a data retention policy in place or simply keep all data forever – this is not good practice. Unless there is a specific need to keep certain data forever, businesses will be increasing their storage and backup costs unnecessarily.
“As a starting point, organisations looking to use a cloud service provider (CSP) for backup services should work with those providers to clearly understand and define data retention policies. It is vital to regularly review as systems and regulations change.”