Introducing Colin Rooney, Partner at Arthur Cox
Managing all your information to keep in step with legally prescribed retention schedules can seem so big and complex that it looks impenetrable. But the key to retention management is finding out what you have, why you have it and when you need to get rid of it. By breaking the process down into clear steps, it easier to see how your goals fit together.
Step 1. Asses what your business does and what you hold. Starting here lets you determine the data and information sets that are important to your business. What’s vital to your daily operations? What data is held across all the different parts of your business? It’s also important to determine what data is transitory and can be destroyed immediately.
Step 2. Determine how long you need to keep documents. Start by specifying the kind of information your business holds the most of. Then concentrate your enquiries on what your business does and what information is most relevant. For example, personal information should be kept for very limited periods of time. Other kinds of records will have much longer time periods. Think proactively and consider anything that might change the information entering your business. A law firm can give you the legal guidance you need, but your business needs to delimit that work by determining what’s meaningful and where the focus of retention should be in very practical terms.
Step 3 Complete a key document review. This should reflect what’s essential to the running of your business. These documents might not be needed every day, but you will need to know where they are and in what format they exist.
Colin Rooney is a Partner in the Technology Group of Arthur Cox. Colin advises on data privacy, freedom of information, social media, information technology and e-business matters. Colin’s practice has a strong emphasis on information management issues, ranging from cross-jurisdictional data sharing projects to digital marketing to online regulation and related matters. Colin advices Irish and international companies, including publicly listed corporations, privately owned companies and State bodies. Colin is a frequent speaker and author on data privacy topics and is a Certified Information Privacy Professional (Europe) (CIPP/E).
He’ll be speaking at Iron Mountain’s Information at Risk even in Belfast on 10 April.