How to make a strong start with retention management

By: In: Compliance On: Mar 31, 2014
How to make a strong start with retention management

Introducing Colin Rooney, Partner at Arthur Cox

Managing all your information to keep in step with legally prescribed retention schedules can seem so big and complex that it looks impenetrable. But the key to retention management is finding out what you have, why you have it and when you need to get rid of it. By breaking the process down into clear steps, it easier to see how your goals fit together.

Step 1. Asses what your business does and what you hold. Starting here lets you determine the data and information sets that are important to your business. What’s vital to your daily operations? What data is held across all the different parts of your business? It’s also important to determine what data is transitory and can be destroyed immediately.

Step 2. Determine how long you need to keep documents. Start by specifying the kind of information your business holds the most of. Then concentrate your enquiries on what your business does and what information is most relevant. For example, personal information should be kept for very limited periods of time. Other kinds of records will have much longer time periods. Think proactively and consider anything that might change the information entering your business. A law firm can give you the legal guidance you need, but your business needs to delimit that work by determining what’s meaningful and where the focus of retention should be in very practical terms.

Step 3 Complete a key document review. This should reflect what’s essential to the running of your business. These documents might not be needed every day, but you will need to know where they are and in what format they exist.

Colin Rooney is a Partner in the Technology Group of Arthur Cox. Colin advises on data privacy, freedom of information, social media, information technology and e-business matters.  Colin’s practice has a strong emphasis on information management issues, ranging from cross-jurisdictional data sharing projects to digital marketing to online regulation and related matters. Colin advices Irish and international companies, including publicly listed corporations, privately owned companies and State bodies. Colin is a frequent speaker and author on data privacy topics and is a Certified Information Privacy Professional (Europe) (CIPP/E).

He’ll be speaking at Iron Mountain’s Information at Risk even in Belfast on 10 April.

Sign up for Information at Risk

← Why data regulation should be at the core of your business Why finding the right vendor for secure IT asset disposal is so important →

Leave A Comment

About the author

Christian Toon

Christian Toon is a former Iron Mountain employee who now works closely with our business within his new role: Senior Cyber Security Expert at PwC UK. Christian's thought leadership in this space is well-acknowledged across the industry. Christian has obtained numerous industry specific and recognised qualifications, he is a qualified Prince2 Practitioner and ISO IEC 27001:2005 Lead Auditor as well as holding auditing qualifications with ISO 9001, ISO 18001 and 14001. Christian has also completed all the Information Assurance Levels from the National School of Government. Christian's application to the Institute of Information Security Professionals (IISP) is currently under review along with a potential application to further his development with an Masters in Information Security.