Data Retention With FileCloud

June 28, 2020

FileCloud retention policies allow administrators to automate some of the processing related to protecting files and their folder groupings. This policy-based automation is designed to help secure digital content for compliance, but it can also enhance the management of digital content for other internal reasons. These retention policies are helpful against legal actions, trademark issues, patent infringement, employee lawsuits, and consumer complaints. There are many such legal risks businesses face.

 

FileCloud retention policies deliver control and compliance for the files and their folder groupings in the Cloud. Retention policies allow administrators to automate some processing related to protecting data and help secure digital content for compliance and enhancing the management of digital content for other internal reasons.

FileCloud retention policies are created and attached to stored files and folders. These special policies allow administrators to define the conditions that enforce a set of restrictions on how each file or folder can be manipulated.

What is Data Retention?

Data Retention is a form of records management, with individuals maintaining specific files for established periods of time. It’s intended to provide protection for both the public and the private sector. By keeping information on hand, quick responses to legal or security questions are possible.

Why is it important for organizations?

Organizations are taking a broader view of data retention programs because they realize the programs can have a major impact on data security and on meeting customer (and government) expectations about privacy. Privacy has become a “hot” issue on two fronts. Governments, particularly in the European Union, have been raising the bar both for protecting customer data and for requiring that it be erased on demand. Customers have also become more sensitive about these issues. They are increasingly likely to look at privacy policies and security as reasons to do business with your organization – or with your competitors.

Today, organizations need well-designed programs and policies not only to deal with regulations mandating that specific document types be held for set periods but also to address critical privacy issues and to reduce the cost of potential data breaches.

Retention in Various Industries

Each industry is unique and therefore each industry’s retention requirements are just as unique. Be it Finance, Health, Insurance, Human Resources every industry is forced to retain certain records for a particular time period.

For Example - The insurance field expands the HIPAA guidelines, with companies forced to keep detailed records of every procedure. Policies established by the Federal Register include the following:

How to build a Data Retention Program and Enforce Policy?

Every organization needs a data retention team or task force with the regulatory, business, and technical knowledge to weigh the factors appropriately, to build them into concrete policies, and to monitor and enforce those policies.

Some organizations have recognized this by designating a Data Protection Officer (DPO). The responsibilities of the DPO can include:

 

Obviously, data retention policies will vary across different industries and sizes of businesses, but there are certain elements that should always be included.

Define the scope of the policy

The policy should always include a statement about its purpose and scope. It should describe the business reasons for the policy and list the major legal, regulatory, and business requirements, including laws and standards that must be met. It should also specify the people affected by the policy (who may include third parties as well as employees) and the IT systems and equipment covered.

Classify the data

Good intentions degenerate into hard work at the point when you have to classify documents and files into categories for retention and erasure. The next steps are to determine which documents and files fall into the “should be saved,” “should be erased,”  and to decide on retention and erasure rules for them. The team must weigh the possible future business value of the information against the risk of fines and costs that would result from a data breach

Specify how data will be retained and protected

Outline the policies and procedures for retaining and protecting data. This includes:

Monitor and report

It is important to monitor and report on data retention and erasure activities, both to satisfy auditors and regulators and to collect data to improve these activities. The information collected and reported should include details including:

Data Retention using FileCloud

you can create Retention policies to automate some of the processing related to protecting files and their folder groupings. This policy-based automation is designed to help secure digital content for compliance, but it can also enhance the management of digital content for other business reasons.

For example, administrators can create a Retention Policy that disables a user’s ability to delete or edit any of the files and folders named in the policy. To resolve the issue of conflicting policies, FileCloud ranks retention policies by what best protects and retains the digital content.

How Retention Policies Work 

A retention policy is a name that can apply to any of these types of policies:

Retention policy types allow you to:

  1. Block specific actions on files and folders
  2. Specify what happens when the policy expires

Create a Type of Retention Policy

There are five different types of retention policies that can be configured and assigned.

1. Admin Hold - 

An Admin hold only blocks user access, it does not block other policies from expiring. However, if an Admin Hold is in place, any other policies will expire gracefully without completing any move or delete expiry options.

To create an Admin Hold Policy:

  1.  Log in to the Admin Portal.
  2. From the left navigation pane, select Retention.
  3. On the Manage Retention Policies screen, click the Add Policy button.
Add Retention Policy
Add Retention Policy

 

4. Completely fill out the Policy Attributes section.

Retention Policy Admin
Retention Policy Admin

5. The Path and the Metadata tabs allow you to define the conditions that specify how the policy will be applied in the system.

Path and Metadata Tabs
Path and Metadata Tabs

6. An administrative hold is designed to help an administrator block access to files and folders so that they can determine what should happen next.

Retention Admin Expire Actions
Retention Admin Expire Actions
2.  legal hold

A Legal Hold is designed to retain data, therefore, there is no deletion or move option available when this policy is in effect. Legal Holds cannot be removed once applied unless an expiration fixed date is set.

  1.  Log in to the Admin Portal.
  2. From the left navigation pane, select Retention.
  3. On the Manage Retention Policies screen, click the Add Policy button.
Retention Legal Attributes
Retention Legal Attributes

4.  Completely fill out the Policy Attributes section.

Retention Legal Attributes
Retention Legal Attributes

5. The Path and the Metadata tabs allow you to define the conditions that specify how the policy will be applied in the system.

Path and Metadata Tabs
Path and Metadata Tabs

6.  Legal holds can expire in either a Fixed Date or be set to Indefinite.

Retention Legal Expire Actions
Retention Legal Expire Actions
3. Retention

A Retention policy allows an organization to identify specific content that is required to be stored for a specific period of time before it can be accessed. During the retention period, the content cannot be deleted.

Retention policies cannot be removed once applied unless an expiration fixed date is set.

4. Create an Archival Policy

An Archival policy type is designed to help you create more cost-effective systems for the long term.

Therefore, you can create a policy to move and store old organizational content in the following ways:

6. Create a Trash Retention Policy

A Trash Retention policy is designed to help you control if files in the Trash Bin can be permanently deleted off the FileCloud Server system.

If files in the Trash Bin are permanently deleted off the FileCloud Server system, they cannot be recovered

 

FileCloud retention policies allow administrators to automate some of the processing related to protecting files and their folder groupings. This policy-based automation is designed to help secure digital content for compliance, but it can also enhance the management of digital content for other internal reasons. These retention policies are helpful against legal actions, trademark issues, patent infringement, employee lawsuits, and consumer complaints. There are many such legal risks businesses face.

Without the right systems within your cloud solution to discover and essentially preserve the sensitive content, the time and costs spent on litigation and handle legal cases can quickly spiral out of control. FileCloud retention policies are created and attached to stored files and folders. These special policies allow administrators to define the conditions that enforce a set of restrictions on how each file or folder can be manipulated.

 

By Team FileCloud