Not all data is the same nor does each piece of information require the same levels of protection. Some information requires no protection, some needs to be locked down and monitored so you know if it has potentially been compromised. Different pieces of data also have different lifespans. Some isn't worth keeping at all, other information needs to be saved indefinitely in a format that you can access on demand.
Failing to comply with these requirements can mean big problems. You could face government fines and penalties as well as a public relations nightmare in more high-profile situations. You might be thinking that that these rules and regulations don't apply to you as a small or midsize business, and that they're really aimed at the Fortune 500 firms and big multinational corporations that have even bigger troves of data.
Yes, it's true, those are the companies that end up on the nightly news when they have a data leak or a problem with deleted records that should have been retained. But most record retention laws and data security rules apply equally to all companies. Not only can you face potential fines and penalties if your records are breached or your required files go missing, it can also negatively impact your reputation in the community and damage the trust of your customers and employees.
That's why strong governance is so critical: you need to know what kind of records you have, how long to retain each class of records and what level of security is required for them. It's also important to implement the right systems that support your record retention and security policies.
- 1"The Digital Universe of Opportunities: Rich Data and the Increasing Value of the Internet of Things." IDC, April 2014. http://www.emc.com/leadership/digital-universe/2014iview/executive-summary.htm