Data-Retention Policy

Why Trust Techopedia

What Does Data-Retention Policy Mean?

A data-retention policy is an organization’s policy or protocol regarding the saving of data for regulatory or compliance purposes, or the disposal of it when no longer needed. The policy highlights how data or records need to be formatted and what storage devices or system to use, as well as the how long these need to be kept, which is usually based on a regulatory body’s rules.

Advertisements

Techopedia Explains Data-Retention Policy

Data-retention policies are all about what, where and how long data should be stored or archived. When the retention time of a specific set of data has expired, it either gets moved to a tertiary storage as historical data or gets deleted entirely to keep storage spaces clean.

Aside from keeping historical data for use, data-retention policies exist because of regulatory requirements. Regulatory organizations recognize that it is not financially possible to retain all data indefinitely, so organizations are urged to demonstrate that they only delete data that is not subject to any specific regulatory requirements. For example, a bank’s employee records would have a different retention period than its account records.

It is common for organizations to draft their own retention policies; however they must also make sure to adhere to data retention laws where applicable, especially in heavily regulated industries. For example, companies that are publicly traded in the US must establish a Sarbanes-Oxley Act (SOX) data-retention policy in the same manner that health care organizations are subject to data-retention requirements of the Health Insurance and Portability and Accountability Act (HIPAA). Similarly, institutions that accept payments via credit card must adhere to the requirements of the Payment Card Industry Data Security Standard (PCI DSS).

Advertisements

Related Terms

Margaret Rouse
Technology expert
Margaret Rouse
Technology expert

Margaret is an award-winning writer and educator known for her ability to explain complex technical topics to a non-technical business audience. Over the past twenty years, her IT definitions have been published by Que in an encyclopedia of technology terms and cited in articles in the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine, and Discovery Magazine. She joined Techopedia in 2011. Margaret’s idea of ​​a fun day is to help IT and business professionals to learn to speak each other’s highly specialized languages.