Retention Policy Tips

by Lowell Rapaport

Retention policies involve keeping files and documents archived until they reach a specified age. Some retention policies are mandated by law, such as SEC requirements. Some policies are simply best management practices accepted within certain business segments.

Once content passes its retention period, it should be destroyed, but the biggest challenge in disposal of content is ensuring that all instances of that information are tracked down and destroyed. That means every backup of the content on CD and tape has to be destroyed by erasure or grinding. You also have to track down copies of the document kept on user workstations or in email server archives.

One way to prevent content from ending up in unreachable places is to only use links to documents rather than circulating the actual content. You can also disable offline support; this prevents documents from being downloaded with view-only access while the documents are active.

As an alternative to a simple time-based document disposal policy, you can require that each document, at the time of its creation, has an attached disposal policy defining the circumstances under which it should be destroyed. Policies could pertain to content age or to a workflow-driven event that would trigger the destruction of, say, documents related to a particular project or created by a particular employee.