Datacatch Librarian Tips
Datacatch Librarian helps small business owners comply with data retention laws
Recent compliance legislation has had a huge impact on the way businesses need to manage their data. There are now specific requirements about what data needs to be retained, how long it must be kept and how quickly it must be able to be retrieved. Strict penalties apply to any business that fails to satisfy these requirements.
Whatever the size of your company, you need to understand how the regulations affect you and what you need to implement to comply with the changes.
Which laws apply to you?
Unfortunately there is no quick answer to this. Regulations vary by country and by industry. Companies that deal internationally also need to ensure that they satisfy the regulations of all countries in which they do business.
IT departments of many non-regulated companies are also subject to corporate governance requirements to ensure data is retained and accessible when necessary, particularly from a legal perspective.
The cost of non-compliance can be severe. Penalties under the Sarbanes-Oxley Act include fines of up to $5 million and imprisonment for up to 20 years.
In addition to compliance and industry regulations, many countries are introducing anti-terror legislation that also requires the retention of data for longer periods of time.
This means a data retention policy is essential for your business, regardless of your size.
Satisfying the basic requirements
Even though different countries and industries have their own rules and regulations, there are some basic requirements your business should adhere to.
- You need to create a secure storage environment for your electronic business assets, including protecting information against alteration or deletion, e.g. using WORM (Write Once Read Many) media like optical discs.
- Your information needs to be stored in a format and on a medium that is able to be read for the duration of the retention period. This can be seven or more years.
- The stored information needs to be searchable and retrievable in a timely manner.
Implementing a data retention solution
The first step is to work out what you need to retain, how long you need to keep it, how quickly you have to be able to retrieve it, and how it should be disposed of at the end of the retention period. Consider getting professional advice about this as it is a very complex area. A recent article on SearchStorage.com cited over 10,000 regulations affecting data retention in the US alone.
There are many products and services aimed at the data retention market, but most of these are designed for large businesses with a big budget. As a result, many smaller businesses simply choose to ignore data retention, but high penalties make this more costly than implementing an enterprise solution! It's far better to adopt a hybrid solution that is both affordable and better suited to small business needs.
A typical solution may include:
- Scanning and converting paper documents to digital format to save on storage space and costs and facilitate fast retrieval.
- Storing digital records on archival-quality optical discs that are affordable, have a life expectancy of up to 50 years and are available in WORM (Write Once Read Many) format ensuring the records cannot be altered.
- Using commercially available optical disc storage units to protect and organize discs. These units provide protection against dust and UV light and allow you to record the exact location of each disc. There are also lockable units available to provide additional security for sensitive information.
- Cataloging, managing and retrieving your discs and data using Datacatch Librarian, which automatically catalogs your discs, provides powerful search facilities to locate your files quickly, and has a reporting function to help you manage your archived media.
Final checklist
- Don't forget that email and instant messaging are business records and need to be retained.
- Don't overlook other information that can be considered business records, e.g. policies, procedures and audit reports.
- Check before destroying any information. The organization may need to store it for future audits or litigation.
- Never assume that the retention requirement for all business-related information is the commonly-quoted seven years. There are a lot of variables depending on the industry, type of organization, and type of information.
- Don't assume that just because you have access to archived information you're going to be able to restore it within a reasonable amount of time. Install a solid set of procedures that let you meet legal demands quickly and efficiently while juggling all your other storage administration duties.
- Don't assume or expect that users can be trusted to do the right thing, especially when it comes to complying with your organization's information retention policy. Put checks in place to ensure that your procedures are being followed.
