Technology News

latest updates from easySERVICE™

Regulatory, IT Policy, and Legal Compliance regarding Data Archiving


Most compliance mandates grew out of the idea that it is important to keep copies of company records. In other words, compliance is not an outgrowth of some “techie” principle; it is an outgrowth of longstanding common sense. You keep copies of data for the same reasons people always have kept copies of cancelled checks or old tax returns: It’s prudent. Regulatory compliance is a legal mandate compelling the same behavior that responsible people already engage in anyway. Such mandates are often imposed, at least in part, because irresponsible people weren’t doing what they should have been.

That being said, compliance in a business environment happens because a regulatory or an internal IT policy requirement is in place, with equal emphasis on internal policy. “Regulatory” results from some outside governmental or industrial agency/entity requiring compliance. IT policy-based compliance, on the other hand, might stem from a mandate from the CFO or COO that the company should keep this data. Often the two marching orders will overlap, but not always.

In many cases, the main reason one is required to retain data, other than to pass an auditor’s inspection, is to stay prepared in case of an e-discovery event. As part of litigation, some party may request that the organization produce or surrender electronic information, and it will have to comply.

Grooming data from primary storage is important. Retaining data properly for long-term preservation is important. But deleting data must factor into any solid approach to archiving as well. An IT organization needs to know how long to retain data, and when/how that data should be destroyed.

Otherwise, data simply is stored indefinitely … until at some point, the organization decides it would like to scrap some or all of it. At that point, the process of determining what to delete can be daunting, particularly considering that different regulators have been known to issue a variety of (at times) contradictory retention mandates. Yes, some records should live forever, but most data declines in value with time and may have a legally mandated retention period of just a few years.

Here, the principles of efficient storage grooming and responsible legal compliance meld to help an IT organization create a defensible policy aimed at matching retention requirements to data characteristics.

Having a defensible plan/policy in place for getting rid of data is important because:

  • The less you store, the lower your OpEx and CapEx will be. Even small, regularly scheduled deletions can make archiving more manageable and help IT to postpone additional storage investments.
  • Anything that an organization isn’t required to retain but has been holding onto nevertheless represents potential risk from an e-discovery standpoint. Pointlessly preserved data can still be used against you in a lawsuit or regulatory complaint.
  • A deletion policy must be clear, consistent, and thoroughly documented. After all, deletion efforts not clearly tied to a formal policy could be viewed as deliberate efforts to dispose of undesirable information.

However, the bottom line is that the less information is stored, the lower the likelihood of someone finding something to hang legal action on. A defensible deletion policy reduces risk, making it, by definition, good business.

More than half of the companies that ESG surveyed (55%) have a formal deletion policy. That’s the good news. The bad news is that, of the remaining respondents, 36% are disposing of data on an ad hoc basis only, and 9% are not disposing of their data at all.

Cloud technology allows companies to plan for this type of disaster by having several suppliers available to replace those unable to meet demand requirements. Today, many of the high-tech companies with a concentrated supply of goods in Thailand have embraced diversification and cloud to ensure they have a backup source for parts. By creating an agile supply network, they can assess inventory in the supply chain and expedite and re-route as necessary.

At easySERVICE, our cloud-like server is both persistent and highly elastic. You get the best of both worlds, since it looks and feels like a traditional server but is on-demand and better than cloud. So no matter what you need, whether something simple or something highly customized and complex, we bring the expertise, support and services that no other provider can deliver.

If you’d like to discuss any of the above best practices or lessons learned with us or to learn more about how we are partnering with companies just like yours to ensure the availability of mission-critical applications, please contact us at (855) US STELLAR.


One comment on “Regulatory, IT Policy, and Legal Compliance regarding Data Archiving”

  1. StellarPhoenixS
    August 20, 2014

    Reblogged this on Stellar Phoenix Solutions.
