smb understand record compliance

Do you really understand your record compliance requirements?

by ​Bill Robertson

The world is creating data at a staggering rate. Research firm IDC predicts that the digital universe will grow to 44 zettabytes of data by 2020. That's equivalent to 44 trillion gigabytes — a 10-fold increase from the amount of data that was created in 2013.¹

However, how much data you're creating is just the start of the story. The bigger concern is really what kind of data you have, how you're saving it and how long you need to store it.

To ensure you have the right protections on the right data, you might decide to just electronically file everything you have; after all, the cost of storage has dropped dramatically in recent years, so it's both technically feasible and affordable to do so — at least for now. But taking that approach is neither sustainable nor smart. The cost of keeping everything, even if it's all in low-cost cloud storage, is an unnecessary line item on the company ledger. Plus, the sheer volume will eventually become unwieldy — if it isn't so already. You'll spend more money than you should just to manage the huge quantities you'll quickly acquire if you decide to archive everything in electronic files forever. And even with that approach, you still might not meet security standards for the data that requires protection.

What you need instead is a thoughtful records retention policy that adheres to the various laws, regulations and best practices that govern how to handle your growing volume of electronic data. Numerous local, state and federal requirements govern your business data, and each one has different rules regarding the records it wants you to keep.

There are also various industry standards and best practices with records compliance recommendations. They all aim to ensure that you handle your digital records properly so you can find and access them when needed while at the same time protecting them as much as possible from unauthorized access or unintentional loss. If records compliance sounds complicated, you're right.

Not all data is the same nor does each piece of information require the same level of protection.

Not all data is the same nor does each piece of information require the same levels of protection. Some information requires no protection, some needs to be locked down and monitored so you know if it has potentially been compromised. Different pieces of data also have different lifespans. Some isn't worth keeping at all, other information needs to be saved indefinitely in a format that you can access on demand.

Failing to comply with these requirements can mean big problems. You could face government fines and penalties as well as a public relations nightmare in more high-profile situations. You might be thinking that that these rules and regulations don't apply to you as a small or midsize business, and that they're really aimed at the Fortune 500 firms and big multinational corporations that have even bigger troves of data.

Yes, it's true, those are the companies that end up on the nightly news when they have a data leak or a problem with deleted records that should have been retained. But most record retention laws and data security rules apply equally to all companies. Not only can you face potential fines and penalties if your records are breached or your required files go missing, it can also negatively impact your reputation in the community and damage the trust of your customers and employees.

That's why strong governance is so critical: you need to know what kind of records you have, how long to retain each class of records and what level of security is required for them. It's also important to implement the right systems that support your record retention and security policies.

Unsure if your standards are up to par?

Find out about some easy improvements you can make to shore up potential risks.

Learn more

Bill Robertson, Senior Manager, Professional Services Strategy at Ricoh USA, Inc., brings over 10 years of experience in the technology industry with expertise in targeted growth, business development, new product development and launch. A customer advocate and innovator by nature, Robertson is an AIIM-certified Information Governance Specialist.

  1. 1"The Digital Universe of Opportunities: Rich Data and the Increasing Value of the Internet of Things." IDC, April 2014.