Data Retention Project

Do you have a strong data retention policy, procedures and training in place?

What to do?


  • Do you know how to classify records, automatically & manually, so they can be easily stored and accessed?


  • Have you determined the categories or types of personal information that you need to store, archived or deleted?


  • Do you know where your data is stored? Think about:

  • Electronic documents, computers, mobile devices, flash drives, disks

  • Emails

  • Websites, CRM systems, legacy systems

  • Paper documents, filing cabinets

  • Digital copiers, printers

  • Company mobile phones, employee personal devices (consider remote working environments)


  • Have you decided how long information should be kept for each department and purpose?


  • If you use a CRM and/or electronic solutions to manage information, have you set up retention and destruction schedules aligned to your entitiy's needs?


  • Do you clearly define the format that the personal information should be kept?


  • Is your team aware of the individuals responsible for decisions on retention of information?


  • Are you aware of and understand PIPA and other regulations that apply to your entity?


  • Have you considered the legal obligations that PIPA and other regulation may require?


  • Did you determine your organisation's needs to strategically design retention activities for greater efficiency and to streamline critical business-related processes?


  • Do you invite input from various departments (legal, finance, department managers, customer support, etc.) on the retention processes and policy?


  • Is there a procedure in place for employees to follow in the event of a retention policy violation?


  • Are you testing your records management strategy against the four basic security standards:

  • Electronic Security - Are electronically stored documents protected from attacks and breaches with encryption during use, transmission and at rest?

  • Physical Security - Are all paper documents, files, flash drives, and backups containging personal information locked in a room or file cabinet that is secured?

  • Authentication - Are you restricting user access to information through robust security settings to control user, document, and project settings?

  • Continuity/Disaster Recovery - Do you ensure that data is secure from theft


  • Are you able to monitor security controls, audit trails, document history, and user activity?


This project aligns with the Data Disposal Project.

Add a Title
Add a Title
Add a Title
Add a Title