Solidifying Your Strategy With A Policy
Creating a data archiving policy is going to solidify your strategy to create a long-lasting process for business operations. Firstly, review the full guide before you start, to understand the importance of data archiving and check you have implemented the other best practices.
Table Of Contents
- What Is A Data Archiving Policy?
- Creating Your Policy
- Preparation
- Examples
- What Should It Include?
What Is A Data Archiving Policy?
Your policy acts as clarification for your data archiving strategy. All stakeholders should be able to access the policy. It provides full transparency to customers. They can find out why a company retains personal information, how they use it and where they store it. And, evidences regulatory compliance.
The policy enforces an efficient process for staff to follow. It outlines the requirements for archiving data. The document specifies the required formats for storing archival data. It will confirm retention periods, to demonstrate how often you will purge data, and after how long.
The policy also enhances data governance, by assigning roles and responsibilities to members of staff. This aims to reduce data access. And as a result, the incidents of human error is reduced. In addition, the violation procedures show the clear repercussion for breaching company policy and minimises risk of disrespect.
Creating Your Policy
Preparation
Before writing your policy, make sure you have created a clear strategy. The strategy will explore your business operations and set some clear rules for the archival of data. The policy should highlight these.
Your policy will also provide evidence for regulatory compliance. You should have researched and put procedures in place to meet legal obligations already. If you haven’t done so already, you should take the time to understand the considerations of data archiving. The process is not enough to protect you from legal acts.
The data archival policy should be created with input from various departments to take advantage of department expertise. You should involve members of IT team, dedicated database administrators, the legal department of the company and some other key players/stakeholders.
Throughout the process, use basic language. Flesch reading tools can help you with writing documents that are ‘fairly easy’ to read for the average adult. By writing a clear document, there is less likely to be confusion and breaches. However, the policy is not enough to protect data, alone. There are some other recommendations for improving data protection. You should also practice regular data backups to accompany your policy and mitigate risk of losing data in the event that the process goes wrong.
Many policies are an extension of the privacy policy. Otherwise referred to as a retention policy. This creates full transparency between all parties. The policy will outline how long data is kept for.
First, make sure that your retention time is no longer than required. Storing older data for longer than it is required compromises performance, security and trust.
Examples Of Data Archiving Policies
WellData has assisted many companies with writing data archiving policies. Therefore, we can recognise what makes a policy work. Here are a handful of policies which demonstrate some elements that you should include.
- International SOS
International SOS‘s data retention, archiving and destruction policy keeps a full record of changes and updates to their policy. This demonstrates that they are actively maintaining their policy and reviewing the process to make improvements. As a result, the staff can remain up-to-date with company policies.
- Plan International
Plan International‘s Archive and Disposal Policy has a section for each file type. There is a specific time period for how long data is stored before it is deleted. By doing so, the company is in a better position to maintain storage and lower costs. It also demonstrates that the company has set clear calculations to anticipate how long historical data is relevant.
- London School of Economics and Political Science
The London School of Economics and Political Science is setting clear expectations for its members. This creates some accountability for the archiving process and for whom is able to purge data. LSE are in a better position to protect data, and minimise the risk of internal breaches of security.
Contents of Policy
You should now have a better understanding of how to use a policy to maximise the benefits of data archiving and mitigate risks. Now it’s time to build a content plan:
- Data Requirements
- Data Formats
- Retention Period
- Deletion Procedure
- Responsibility and Accountability
- Consequences of Violation
Meeting The Requirements For Your Archive
In this section of the policy, you should outline the rules for which data must meet before it is determined as suitable for archive storage. Most frequently, these rules are time based. Therefore, you may wish to state that if the information has not been accessed in X period of time, it shall be archived. You should state specific time periods for each file type.
Furthermore, you may also wish to archive data based on it’s historical age. ie. Data created on X date or before X date will be archived. You may calculate a suitable time period based on your business operations.
By doing so, you reduce the risk of archiving incorrect files. And, your archive only contains relevant information. The benefits of doing so include; faster advanced searches, lower secondary storage costs and easier maintenance.
Formatting The Data Correctly
Previously, we mentioned the importance of using specific file types to save and retain the quality of files. Outdated file types may require specialist software. An inefficient process for retrieval times.
Therefore, list each type of information that could be archived throughout the lifetime of the company and the preferred format of each file type. This will help you govern the quality of data, minimise the size of larger files and retrieve specific records quickly.
Setting Retention Periods
Once archiving data, it’s vital that it is not abandoned and stored forever. You should consider your retention policies. This section states how long data is accessible for, before being deleted. This time period may vary for certain information, and you may wish for this to be an immediate process in some cases.
Procedure For Deleting Files
Following on from the retention policy, you should be transparent about the process for deleting files. And, for whom is responsible of ensuring the process happens.
Responsibility and Accountability
In addition, there should be roles and responsibilities assigned for each stage in the process of data archiving. There should also be an outline of which job titles have access to the historical data and who is responsible for carrying out certain steps. Without setting expectations for staff, you will lack data governance. In the event of disaster, employees must take accountability of their actions and be liable to disciplinary measures.
Disciplinary Procedure
Unfortunately, breaches of the policy may occur. Therefore, set expectations for the disciplinary measures which could take place. This is likely to deter unruly behaviour and protect data, if the above steps fail.
<< Back to resources
