Many organizations store customer, sales, product, and other data electronically. As the amount and types of data that are stored electronically has increased, new data retention regulations and policies have also been implemented and are continuing to be implemented. For example, some governments have implemented or are considering implementing data retention regulations relating to privacy issues that may require organizations to ensure that certain information is deleted within a particular time frame. If deletion is not possible because of other data retention regulation requiring the data to be retained for longer periods, then access to the data must be restricted to only those in the organization with a need to access the information until the data may be deleted. Aside from data privacy regulations, some governments have also enacted other types of data retention regulations requiring organizations to retain certain information, such as tax-related information or production liability information for a certain minimum time period in the event of an audit or other proceeding.
Implementation issues may arise, especially with respect to existing electronically stored information, when these new data retention regulations are enacted. For example, new privacy legislation requiring all customer data to be deleted within two years of being entered unless the data is otherwise required to be preserved by regulation, may required to first identify all customer data, then identify which of the customer data is required to be preserved by other regulations, and then designate the customer data that does not need to be preserved for deletion within the two year period. This process may be extremely time consuming and inefficient.
Additionally, if subsequently enacted legislation later required certain types of customer data to be preserved for longer periods, the customer data would have to be rechecked so that these new types of customer data are not deleted within the two-year window. As more legislation, regulations, and policies get enacted over time, it becomes even more difficult and inefficient to ensure that the data is preserved in compliance with each of the regulations. As the complexity of implementing subsequent regulations increases, it also becomes more likely that certain data will either be inadvertently deleted prematurely or inadvertently retain too long, which may cause future problems for the organization.
There is a need for a data retention framework enabling an automatic implementation and reconciliation of new retention rules with existing retention rules and data.