Data retention strategies for SMEs
Published: 22 Mar 2007
Data, archiving and the law
In the past, businesses and legal systems dealt with data retention matters based on the assumption that all relevant business records would be on paper. Increasingly this is no longer the case, and many business transactions are now largely, or even completely, carried out electronically. The Data Protection Act (DPA) of 1998 gives individuals the right, on producing evidence of their identity, to have a copy of personal data held about them — including information contained in emails of a personal and biographical nature.
The DPA also requires organisations to take appropriate technical and organisational measures to prevent unauthorised or unlawful processing of personal data and against accidental loss or destruction of personal data. Archived data can be particularly vulnerable to all of these hazards.
Email can often be regarded as transitory, and many email clients have a capacity limit and aren’t designed to archive email indefinitely. However, there are a number of situations where companies are apparently legally required to retain email for up to six years. Small companies using external email services such as AOL may find themselves particularly exposed.
In reality it may prove to be impractical, or at least extremely difficult, for small companies to comply with future and even current legislation regarding data retention. Nevertheless, if they have not already done so, SMEs would be prudent to review their backup and archiving strategies as soon as possible.


















