Data-Retention Policy

What Does Data-Retention Policy Mean?

A data-retention policy is an organization’s policy or protocol regarding the saving of data for regulatory or compliance purposes, or the disposal of it when no longer needed. The policy highlights how data or records need to be formatted and what storage devices or system to use, as well as the how long these need to be kept, which is usually based on a regulatory body’s rules.


Techopedia Explains Data-Retention Policy

Data-retention policies are all about what, where and how long data should be stored or archived. When the retention time of a specific set of data has expired, it either gets moved to a tertiary storage as historical data or gets deleted entirely to keep storage spaces clean.

Aside from keeping historical data for use, data-retention policies exist because of regulatory requirements. Regulatory organizations recognize that it is not financially possible to retain all data indefinitely, so organizations are urged to demonstrate that they only delete data that is not subject to any specific regulatory requirements. For example, a bank’s employee records would have a different retention period than its account records.

It is common for organizations to draft their own retention policies; however they must also make sure to adhere to data retention laws where applicable, especially in heavily regulated industries. For example, companies that are publicly traded in the US must establish a Sarbanes-Oxley Act (SOX) data-retention policy in the same manner that health care organizations are subject to data-retention requirements of the Health Insurance and Portability and Accountability Act (HIPAA). Similarly, institutions that accept payments via credit card must adhere to the requirements of the Payment Card Industry Data Security Standard (PCI DSS).


Related Terms

Latest Data Management Terms

Related Reading

Margaret Rouse

Margaret Rouse is an award-winning technical writer and teacher known for her ability to explain complex technical subjects to a non-technical, business audience. Over the past twenty years her explanations have appeared on TechTarget websites and she's been cited as an authority in articles by the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine and Discovery Magazine.Margaret's idea of a fun day is helping IT and business professionals learn to speak each other’s highly specialized languages. If you have a suggestion for a new definition or how to improve a technical explanation, please email Margaret or contact her…