Maximize your protection, eliminate business risks.
Optimize and modernize with cloud transformation.
Empower your people to work securely from anywhere.
Let us handle IT so you can focus on growing your business.
Get multichannel 24/7/365 expert end-user support.
Stay ahead of attacks with 24/7 protection and monitoring.
Maximize uptime with with industry-leading DRaaS.
Improve efficiency, productivity and outcomes with cloud.
Ensure all mobile devices, everywhere, are secure.
Gain a competitive edge with strategic IT solutions.
This battle-tested checklist enables your team to swiftly initiate a ransomware response.
IT for businesses of all sizes, in any industry.
Empower institution growth with custom IT solutions.
Ensure your firm is always in compliance.
Improve patient care and staff morale.
Deal with pressing legal matters, not IT.
Keep up with the evolving digital landscape.
Focus on your mission by outsourcing IT.
Accelerate PE client deals and secure data.
Leverage your technology as a strategic asset.
Execute initiatives and develop IT strategies.
Get the latest industry insights and trends.
Join us at events in person and online.
Hear from clients and learn more about strategic IT.
See how Dataprise can make IT your greatest asset.
Get informative technical resources from IT experts.
Stay on stop of emerging cybersecurity threats.
Discover the key areas of DR your organization needs to address to ensure downtime is minimized.
Gain a strategic asset by bringing harmony to IT.
Ensure 24/7 support and security with dedicated teams.
Drive business forward by partnering with Dataprise.
Meet our one-of-a-kind leadership team.
Discover the recognition Dataprise has earned.
Help us help businesses with strategic IT.
Embracing different perspectives and backgrounds.
Find a Dataprise location near you.
Dataprise is committed to empowering more women to consider a career in technology.
Posts
By: Dataprise
Table of content
Every business relies on data in some form, making its protection essential for maintaining operations, compliance with laws and regulations, and efficient resource utilization in the long term. Different types of data and business requirements necessitate data retention policies, which have evolved over time with advancements in data protection and archiving technologies.
It’s worth noting that data retention can also pertain to the duration personal information from electronic communications is retained and how it’s managed, as in the case of GDPR. However, this article primarily addresses the long-term retention of data for business continuity and regulatory purposes.
The fundamental principle of data retention and archiving is to retain data from specific time points longer than others, typically on a weekly, monthly, and yearly basis. In the past, when tape media was the predominant backup storage method, it involved running periodic full backups to match these point-in-time requirements. These tapes were set aside as immutable backups, adhering to weekly, monthly, and yearly retention, until the retention period expired, at which point they were overwritten.
Various rotation schemes exist, with GFS (grandfather-father-son) retention being one of the most commonly used. These policies aim to strike a balance between retaining data for compliance while not incurring excessive storage costs.
With disk-based backup storage, it’s essential to manage available disk space efficiently. GFS policies specify how long weekly (son), monthly (father), and yearly (grandfather) backups are retained. Modern backup software automates this process, ensuring that each type of backup is kept for the designated time before either permanent archiving or deletion. Another approach involves sending data to a cloud backup provider, ensuring data protection that’s accessible from any location and complying with the 3-2-1 rule for backups, which involves having a copy of the data stored offsite.
There’s no one-size-fits-all answer to this question. Data retention duration depends on your business’s location, financial or governmental requirements, and the nature of your operations. To ensure data security compliance, identify the locations of all workloads, assess the value and types of data through a business impact analysis, and establish retention policies for each category. Granular specification of these retention policies in your data protection software allows you to meet specific business needs without a uniform approach.
For instance, if you work in the healthcare field, retention requirements vary by state and depend on whether you’re a doctor’s office or a hospital, as well as whether the data pertains to adults or minors. The Code of Federal Regulations contains retention requirements for records that can be referenced when needed.
Once you’ve determined the required retention types based on your business or federal regulations, it’s time to configure the backup, deletion, or archiving of documents accordingly. Let’s consider a fictitious example of HR payroll systems and records with a 7-year retention requirement:
Full backups occur on Saturdays, with daily forward incremental backup jobs. GFS retention flags weekly backups as “weekly,” preventing deletion or modification. Daily backups are automatically deleted after 31 days. Weekly backups remain untouched until the 53rd rolling week. After the 52nd week, the GFS flag is removed, and normal retention actions resume.
The last weekly backup of each month is assigned a monthly GFS flag. In month 13, the earliest backup’s GFS flag is moved, and the backup is deleted while a new monthly backup is created.
Yearly full backups are flagged during the last full weekly backup of the year. They contain weekly, monthly, and yearly GFS flags, with the highest tier taking precedence. The file system recognizes only the yearly GFS flag, and the rolling flag removal occurs again in year 8.
This example outlines a basic seven-year data retention policy that minimizes data storage while automatically freeing up space on backup storage.
INSIGHTS
Subscribe to our blog to learn about the latest IT trends and technology best practices.