Establishing data retention policies: Don't rush the process

All network administrators dread the repercussions of damaging e-mail or files left on network servers. But establishing an effective data retention policy requires careful planning. Here are some key issues to consider as you hammer out the details.

E-mail can destroy a company. Just look back to the beginning of the Microsoft antitrust trial. Several e-mails were found that gave the Justice Department ammunition for their battle against Uncle Bill. You’d think Microsoft would have cleaned out those e-mails long before they were discovered, but they were still around—and you saw how they affected the course of the trial. Since then, a number of companies have had e-mail or other electronic documents paraded through the courts.

To combat this legal nightmare, many companies have implemented data retention policies to help reduce the possibility of costly lawsuits. If you haven’t implemented a data retention policy, or you’re just in the process of coming up with one, here are some factors to keep in mind.

Electronic documents
Electronic documents can be word processing, spreadsheet, or presentation files. These documents can really complicate a retention policy because they may conflict with other retention policies. However, with the help of management, you can come up with a policy that will not only help eliminate potentially damaging items, but will also help you save space on your server and workstation hard drives. The thing to remember is you must set onepolicy for both paper and electronic items. Some companies will set policies that define one time limit for electronic files and another time limit for certain categories of files. Take, for example, this common problem:

Jane has a Word document that covers legal issues within her company. The maximum time a Word file can be kept is three years. The policy states that any legal document MUST be kept for five years. So which rule applies? What should Jane do? What do you do?

E-mail retention policies should be defined in close accordance with the policy for electronic documents. Pay close attention to e-mails with file attachments. Does the e-mail get kept because of the file attachment limit, or does it get removed according to the e-mail time limit? If you’re going to keep it around according to the file attachment time limit, what happens if you want to implement an automated utility to clean out the e-mail? The utilities available will not allow you to define how it cleans e-mail based on whether it has a file attachment.

Tools to help implement your policy
Once you’ve developed a policy, you can take advantage of various tools to put it into effect.

When you’re cleaning up electronic documents, the following software can help with tasks such as creating reports on used space, setting disk quotas, and automatically cleaning out items that have gone over their allowed time limits:
  • NTP Software—Quota Sentinel, Quota Manager, Storage Accountant, and File Archivist
  • WQuinn—StorageCeNTral, QuotaAdvisor, DiskAdvisor, FileScreen 2000
  • Raxco Software—DiskState

Final thoughts
Eventually, all network administrators have to deal with data retention policies in some form. Hopefully, the information offered here will give you an idea of what issues you may encounter, along with the types of tools available to help you enforce such policies. Often, people rush into data retention policies due to the volatile nature of these items and the pressure to implement something quickly for fear of lawsuits. When it’s time to evaluate what works best for you, make educated decisions, and then carefully implement your plan.
What data retention policies are in place at your company? Start a discussion below or send the editor an e-mail.

Editor's Picks

Free Newsletters, In your Inbox