Credit union teams up with Iron Mountain to implement a comprehensive records retention program
Learn how Iron Mountain consultants worked with the Purdue Federal team to create a comprehensive, business-based retention schedule.
When your company is growing rapidly, there are more projects on the to-do list than time to do them. Projects that keep the company moving forward tend to get higher priority than records retention and cleanup.
That was the dilemma facing West Lafayette, Indiana-based Purdue Federal Credit Union (Purdue Federal) in 2019. The credit union had accumulated various digital records over the years but lacked a formal way to assess them for disposal in line with its records retention rules. “We weren’t out of compliance, but we weren’t organised either,” says Amy Keith, Physical Security Officer and Business Continuity Plan Manager at Purdue Federal. “It was hard for people to get answers to their questions about document retention.”
Purdue Federal needed to implement a manageable and sustainable process that would grow with the company. The sheer volume and variety of records to be identified, assessed, and assigned a retention timeframe was beyond the scope of any one person.
The good news was that many records were already housed in a content management system (CMS). However, it was difficult to confidently decide which records were subject to mandatory destruction and which needed to be kept on hand.
“Everybody jumped on the digital bandwagon 10 years ago and nobody thought about purging,” Keith continues. The CMS had an automated lifecycle management component but needed a way to integrate directly to the records retention schedule to allow for automated purging as digital documents and reports reached the end of their retention periods.
Privacy and Liability
These issues are of growing concern in the financial services industry. With privacy regulations now in place in countries around the globe, including the United States, regulators are paying increasingly more attention to the data that institutions collect. Mandatory data retention requirements are meant to protect both members and the institution by setting standard timeframes for the destruction of records and documents, such as loan agreements.
A financial services firm that retains records beyond their required destruction date can be required to disclose them in a legal dispute, potentially jeopardising both the institution and its members. Over-retention also creates confusion and impedes the flow of business by making it more difficult for people to find the records they need.
The situation was complicated by the increasingly national and even global scope of its business, which made it subject to regulations outside of Indiana. Human nature played a factor as well. People are inclined to hold on to information just in case it’s ever needed, even if that possibility is remote. “People in the financial services industry love their paper and hate to get rid of it,” says Purdue Federal’s Compliance Officer, Johanna Downey.
For the complete Customer Success story please download below.
Featured services & solutions
Financial services
From legacy records management to secure offsite access, leverage our wealth of expertise
Policy Center
Know your obligations and show compliance with our online policy center tool
Secure Shredding Services
Destroy your paper-based records, plastics, and electronic media in a compliant, safe, and cost-effective way
Digital transformation: Are we there yet?
Accelerate your digital transformation journey in five steps.