Data Retention Policy

FileCloud's Unified Approach for Data Control, Governance & Compliance

Intuitively Manage Content with FileCloud

Data Retention Policy

Leveraging data retention policies can help automate important processes within a content lifecycle. Admins can create customized retention policies in FileCloud to suit unique business purposes and compliance requirements.

Compliance Support

FileCloud offers specialized tools to meet retention requirements for regulations like HIPAA, GDPR, ITAR, and more. Metadata management, content classification, and DLP coordinate with retention policies to create a multi-layered data governance strategy.

Data Privacy

The hyper-secure FileCloud platform protects data throughout its retention period, with encryption for data at rest and in transit, role-based access controls (RBAC), granular file and folder permissions, antivirus scanning, and activity monitoring.

FileCloud has received the Gartner Peer Insights Customers’ Choice Distinction for the fifth consecutive time!

92% of our customers would recommend us to a friend.

Rating: 4.6 stars

Data Retention Policies Support Responsible Data Stewardship

Organizations, enterprises, and businesses collect massive amounts of data for their day-to-day operations – these repositories of citizen and consumer data are one of the most valuable assets a company has access to, and they also happen to be a prime target for cybercriminals.

Employing proper protections around collected data and developing sound strategies for appropriate collection, use, retention, and disposal of data are key components of any organization’s IT security and data governance policy, regardless of its size.

What is a data retention policy, and why is it important?

A retention policy is a rule set up within an IT system that permits or blocks certain actions around a specified piece of data, based on certain parameters that are either met or not met.

For instance, a bank can have a retention policy in place that states all consumer personal data cannot be deleted while the individual still has an account with the bank. The retention policy within the bank’s system would block data deletion if an attempt was made while an account remained active.

Similarly, a manufacturing company that needs to comply with US FDA regulations could implement a Legal Retention Policy, which would lock specific files to prevent them from being deleted, moved, or modified. The company could enable this retention policy so it triggers when a file is tagged with relevant metadata, either manually or automatically through system scan.

How to Create a Retention Policy

To create a retention policy, first an organization must consider the data, balancing the business use case with risk tolerance:

  • What kind of data needs to be retained, and for how long?
  • How should the data be maintained? (is there a particular format or file type?)
  • How accessible does the data need to be, who needs access, and what actions should be available to them?
  • Should the data be entirely destroyed after a certain period of time or archived?
  • What regulations will come into play based on the collected data, and how will compliance be organized?
  • What level of risk will the organization need to accept to retain this data?
  • In the event of a violation or breach, what remediation will be necessary?

Once this information has been gathered and assessed, an organization can begin building a retention policy. In five easy steps, an enterprise can outline a retention policy:

  1. Assemble all pertinent data.
  2. Classify the data into different types.
  3. Decide what kind of retention policy is required for each type of data.
  4. Develop a plan, including identifying who is responsible for which area — communicate accordingly.
  5. Create the policy and apply regular updates as needed.

Examples of Retention Requirements for Key Regulations

  • HIPAA – 6 years
  • FISMA – 3 years
  • SEC customer records and account information – 6 years
  • SEC trade confirmations, order tickets, and communications – 3 years
  • FINRA – 6 years
  • SOX – 7 years
  • GDPR – no specified time period, but no longer than necessary to fulfil the purposes for which it was collected

Data Retention Policies for Content Lifecycle Management

Sound data management and stewardship strategies serve as the foundation for an efficient and secure organization. Data retention policies are only one part of data management and governance. It’s important for organizations to consider the entire data lifecycle – doing so will help the organization create comprehensive policies that safeguard the organization, not only from cybercriminals hoping to capitalize on collected data, but also pervasive operational inefficiency and regulatory violation penalties.

FileCloud Data Retention Policy Creation

FileCloud is a powerful Enterprise File Sync and Share (EFSS) solution that supports hyper-secure remote access, file storage, and data governance. The Governance dashboard offers a myriad of tools and settings to support data visibility and automated security protocols, including identity authentication integrations, granular file permissions, and access and retention policies.

There are five types of retention policies that can be set in FileCloud. These policy types are hierarchical, which means that certain types outrank others, as a means of ensuring that data is protected at the highest possible requirement. In order of hierarchy preference, these policy types are: Admin Hold, Legal Hold, Retention, Archival, and Trash.

  • Admin Hold: Prevents any update or deletion of digital content for an indefinite period of time.
  • Legal Hold: Freezes digital content to aid discovery or legal challenges; disallows file modification.
  • Retention: Identifies digital content to be retained for an unlimited amount of time before being deleted or released.
  • Archival: Moves old organizational content to a long-term storage environment, in which deletion will not be permitted until a certain amount of time has passed.
  • Trash Retention: Can be configured for automatic and permanent deletion of all files in the Trash bins or to expire with no actions.

Advanced Encryption

FileCloud can be configured with different levels of encryption to support enterprise security. AES 128- or 256-bit is available for encrypting data at rest and TLS 1.3 encrypts data in transit. FileCloud can also be run with FIPS 140-2 validated encryption modules.

Granular File Sharing

Share files privately with users, groups, and Team Folders or as public share links. Set up share notifications so that whenever anyone accesses or edits shared files, you will be notified accordingly. Set read, write, deletion, and share permissions to limit file actions.

Secure Shared Files

Use password-protected links for sensitive data and set view, access, and edit permissions. FileCloud also supports Zero Trust File Sharing® – users can share files via an encrypted, password-protected container, wherein files can only be read by entering the password.

External File Sharing

Collaborate on data by configuring FileCloud as an external client portal (unlimited external accounts for clients, vendors, contractors, and more). Create a custom file upload form and enable mobile application access with endpoint backup.

Metadata & Content Classification

Built-in and custom metadata sets support data visibility based on tags. Admins can set up classification rules to limit how data is accessed and shared; with Smart Content Classification, this classification system can be automated.

Smart DLP

FileCloud supports both manual and automated (Smart) Data Leak Prevention (DLP). Rules are based on metadata tags and restrict data from being shared based on specified parameters – the restriction can be a total block or permissive (allow share with notification).

Microsoft 365 and Outlook Integration

FileCloud integrates with Microsoft 365 for real-time editing in familiar applications like Word, PowerPoint, and Excel directly within FileCloud; enable the FileCloud for Outlook plug-in to share and import files between FileCloud and Outlook email.

Workflow Automation

FileCloud lets you automate repetitive tasks with admin and end-user workflow automation. The drag-and-drop visual builder makes creating workflows simple, and the dashboard creates a centralized view to monitor workflow activity and make changes as needed.

Financial Data Retention

The Financial Industry Regulatory Authority (FINRA) has set cybersecurity and data privacy standards around how long data is retained and what sorts of security mechanisms (such as encryption) are involved. These standards are designed to protect investor and consumer data, particularly as it relates to patent infringement, trademark issues, consumer complaints, and employee lawsuits.

FileCloud offers powerful file sharing and storage tools that help meet FINRA requirements:

  • Access authentication integrations (e.g., AD/LDAP, SSO, 2FA): restrict access to authorized users.
  • Role-Based Access Controls (RBAC) & User/Group Policies: set specific permissions on how data can be accessed and by whom.
  • Data Retention Policies: create retention policies for Admin Hold, Legal Hold, Retention, Archival, and Trash.
  • Metadata Management: admins can leverage built-in metadata sets or create custom tags to support finance data visibility.
  • Client Portal: supports external user file upload to collect sensitive data in a branded platform.
  • Encrypted data, at rest and in transit: 256-bit AES encryption, TLS 1.3, FIPS 140-2 validated encryption.

Frequently Asked Questions (FAQs)

What is meant by a data retention policy?

A retention policy is meant to organize how data, collected by an organization, is handled. Data privacy and security regulations, such as GDPR, HIPAA, FINRA, and SOX, specify that data must be processed for specific purposes and retained for a specified time period, after which it may be archived or deleted.

How long is data normally retained?

The amount of time data is retained depends on the type of data and the regulations that apply to it. For example, HIPAA specifies that PHI be retained for a minimum of 6 years, but SEC trade confirmations, order tickets, and communications need only meet a minimum retention period of 3 years.

How long should data be retained per GDPR?

GDPR does not specify how long data must be retained, but it states that data should be removed once the purpose for processing it has been fulfilled. FileCloud has tools like pattern search, user consent rules, and a dedicated Compliance Center to help with GDPR audits.

Copyright © FileCloud. All Rights Reserved.
