Contoural’s experienced records retention consultant offer the industry’s most advanced records policies and schedules. Contoural has worked with hundreds of companies (including 30% of Fortune 500 companies) to develop records retention schedule creation and data retention policies, that are not only compliant but also easy for employees to understand, use, and are focused on execution. Furthermore, we synchronize privacy and recordkeeping requirements to avoid conflicts.
Our records retention consultants know how to work with key stakeholders such as IT. Our records retention consultant also work with your business units to figure out what should we save and what has business value and for how long should it be saved. We do more records retention schedules than anybody else and in part because of our innovative approach.
Our easy to implement approach starts with a records retention schedule designed specifically for your needs – no out of the box records Policy Execution or records policy creation here:
Of less concern is what the document is called. Some companies call it a data retention policy; others call it a records retention schedule. It is not important. What matters is that data retention policies are records-enabled, and records retention schedules are privacy-enabled.
Meeting privacy data minimization requirements creates an additional complication on top of existing and often challenging records retention requirements. Avoid the temptation to create separate policies and go it alone. Engage other stakeholders as well as business units. Keep these policies up to date. Developing compliant, balanced approaches in modern, easier-to-execute polices may take a little more effort at the beginning, but well-crafted policies make execution much easier, reduce downstream conflicts, and reduce or avoid disposition resistance from business units and employees. It is worth the effort to do it right. Contoural has the privacy consulting experience to help your business work through this.
It is best practice that the end result should not focus exclusively on legal and regulatory requirements. Rather, these policies also need to address business need and value. Good data retention policy/records policy and schedule serve not only as legal statements, but also seek to achieve a reasonable consensus with business units and other stakeholders regarding what information needs to be maintained to run the business and what can and should be deleted (and when). Any deletion exercise depends on having this agreement. Failing to build this consensus at the beginning will force companies to revisit it every time they try and delete information.
Publishing a schedule online also provides the flexibility to publish department- and function-specific views of the schedule. These views contain records types that are relevant to a specific department, excluding record types that do not apply to the given function. Instead of having to look through an entire schedule, these narrower views allow employees to easily see in a single page or two their most relevant record types. All of this typically can be accomplished with technology that companies already have in-house.
Traditional records programs create a schedule and publish it in either paper or PDF format. Records managers themselves may enjoy having a single consolidated view of records requirement in a single document; however this appreciation typically is not shared by employees who must manually search through these long schedules to find relevant records. If the process is too cumbersome, even well-intentioned employees will quickly abandon looking up information in the schedule. Should we have country or region-specific schedules, or should we create a single global schedule?
It is often better to have a single, global schedule with local exceptions where necessary than having multiple geography-specific schedules. First, while recordkeeping requirements do vary across countries, the differences may be small and/or often the business value of retention trumps the various legal requirements. Second, record-containing emails and files flow across borders between a marketing team in the US and a development team in India, for example. While you could declare the US-based marketing team as the records custodian, does that mean the records do not fall under Indian record management policies? It quickly becomes complicated. Hence a policy with a single global retention period is arguably more compliant. Finally – and most important – it is exceedingly difficult to implement multiple policies, especially as companies often have the same content management system for multiple countries.
Note that there are some outliers. For example, China requires retention of some accounting records for 15 years, which substantially exceeds the typical 7-year retention in the US, and the 8-year retention required in several European countries. It may make sense to set the global policy for eight years with a specific local exception for China. China also requires permanent retention of some key records.
Contoural is the largest independent provider of strategic Information Governance, Privacy, and AI Governance consulting services, including records and information management, litigation readiness and control of privacy and sensitive information.
Copyright 2024. All Rights Reserved