Design and Implement the Optimal Records Retention Schedule
April 4, 2012
Many financial services firms are now subject to a real one-two punch: rapidly expanding records archives and a greater legal mandate than ever to properly store and manage them. Fortunately, an effective records retention schedule offers relief.
The stakes for properly storing and managing data in the financial services industry are higher than ever. That’s why many records managers cautiously—or some may say compulsively—archive each financial record, customer profile, audit report and email communication their firms create.
Their motivation? A stringent regulatory environment. Both the Sarbanes-Oxley Act (SOA) and the Gramm-Leach-Bliley Act (GLBA) mete out stiff fines—and even prison time—to executives who destroy or lose financial or customer data. (Jail time is usually reserved for wrongdoers with proven criminal intent.) Several high-profile organizations have been fined millions of dollars because they could not produce subpoenaed email.
Washington Writes the Book
The most recent chapter of legislation opened in 1999 with the Gramm-Leach-Bliley Act, which focuses on data management best practices. GLBA compels financial institutions to ensure the confidentiality and security of their customer data. Three years later, the Sarbanes-Oxley Act called for the proper retention and ensured integrity of publicly traded companies’ financial records.
What are the practical implications of these laws? For one thing, each qualifies email as a “corporate document.” While that might seem like a small point, consider the time, money and technical resources a business must expend to ensure that thousands of emails are properly archived and accessible on demand. (And, of course, email is just one type of document on an ever-growing menu.)
Welcome to the Zettabyte
Email figures big in the data explosion. A recent study from the Radicati Group reveals that the typical corporate email user sends and receives about 105 messages daily. At that rate, it’s easy to understand how in 2010 the world’s digital information output swelled to 1,200 billion gigabytes (or 1.1 zettabytes), up from about 500 billion gigabytes in 2008, according to a 2011 report from Osterman Research Inc.
Adding to the problem, this data lives in many different types of places (as per the same Osterman report):
- Mid-sized and large-scale workplaces account for about a third of this electronic content, with file servers holding information with no data management applications in place.
- Another third resides in email archive systems.
- The final, far-flung third segment is on users’ desktops, laptops and smartphones. Also in this segment: social media sites, business collaboration tools and other less-structured content.
Map Out Your Territories
The location of important files is no small point to consider, since roughly 75 percent of all legal discoveries seek email and other electronic content, according to a 2008 Osterman report, which adds that simply retrieving a needed document represents more than a third of total litigation costs.
The takeaway: As the volume of business records—and the range of locations where they reside—expands, so do the risks of not having an effective records management program.
Retaining in Good Faith
A records retention schedule forms the core of any records management effort. Such a policy defines an organization’s data storage requirements, ensuring that records are kept as long as possible and that obsolete ones are disposed of systematically. Developing and maintaining a retention schedule is important from a legal perspective; it’s potential proof that you’re making a “good faith” effort.
And you know what? When a retention schedule serves as the legal authority to retain and purge records, financial institutions may think twice about saving everything forever. After all, the more records an institution retains, the greater the burden it has to identify and locate its supersized archives.
So don’t be a hoarder when it comes to financial and customer records. A well-maintained retention schedule ensures that you’re being efficient, reasonably cost-conscious and, most of all, compliant. Because after all, the best-laid technology may ultimately be ineffective if you’re not using it to follow the letter of the law.
Iron Mountain Recommends:
The Potential Payoffs of Consistency
- Implement a universal retention schedule as well as a document destruction schedule. Make sure these include broad categories of similar records.
- Document the legal and operational reason(s) for saving each type of file.
- Review your schedules periodically to determine the impact of new and/or changing legislation.
- Establish your retention schedule as part of the company’s standard infrastructure and operating procedures.
Do you have more questions about your firm’s records retention options? Read additional Knowledge Center stories on this subject, or contact Iron Mountain’s consulting services team. You’ll be connected with a knowledgeable product and services specialist who can address your information management challenges.
Tweeting for Keeps: Financial Services and the Social Media Archiving Conundrum
Getting Tough About Records Management: Your Upgrade Checklist
The Makings of a 2012 Records Manager