Kudos on the retention schedule. I think that it effectively communicates what to retain and for how long. I like that you identified categories of documents, specifically:
A. Accounting and Finance
B. Corporate Records
C. Project Documentation
D. Source Code and Designs
E. Correspondence and Internal Memoranda
F. Legal Files and Papers
The owner of the document and policy is clear; having a direct point of contact could be useful for an end-user. Also, you identified the requirement to adhere to laws and regulations for retention. I recall that if a court ever requests electronic information, document retention is critical. It might help to emphasize that the policy supports corporate governance and would support the organization in legal matters (prevention and litigation).
I like the way you laid your policy out. By going through each portion of records created by the business and then giving the retention schedule would allow an employee to easily discern what to do with a record if they were unsure of how long to retain the record. The only area I was a little concerned with is Section II. Scope where the “note” portion directed readers that retention requirements could be mandated by other sources, and that those sources hold precedence over the policy, but failed to give employees any direction to what some of those sources could be or where they could be found. Outside of that, your policy is very easy to understand which is probably most important.
This is awesome, i have learnt so much from your Policy on Electronic Retention,i specifically like the example of the different types of documents and retention periods. For some reasons, i always thought all documents must be kept for 7 years, and i see that there are different retention periods for different documents.
If i may clarify, page 6 of the policy talks about data destruction being a critical component of the data retention policy, it is legal to actually destroy data once the retention period is over right ?? And are we talking about permanent destruction ? as in destruction where the information can not be retrieved again? i know there are different types of Data destruction like Wipe/Clean (USB), reimage/Overwrite (tape) etc.
But has there ever been any situation where data was destroyed after the retention period was up, and is afterwards being required for legal reasons ? Is it acceptable to the courts to say the retention period was over and data has been destroyed (with Certificate of destruction as proof) ?
Team 3, I found your policy on Electronic Document Retention informative and detailed. The comprehensive breakdown used for your record retention schedule would be extremely useful for an employee to reference. In you video, I liked the exposure risk/liability portion where the Carlucci v. Piper Aircraft lawsuit was used to enforce the policy need and to abide by it. Overall, great job.
This was a very good policy and presentation. The format of the policy and retention tables made it very clear how the business manages data retention. Additionally, the video was a good complement to the policy at pointing out the consequences for not following the rul
Very well done policy and video. I liked how the policy had specific rules and retention periods in regards to different types of documentations. The policy was detailed enough where it even included internet cookies, which would probably be overlooked by a majority of companies.
This is a very well structured and detailed policy on Electronic Document Retention. It was good to see how in-depth your policy was, and able to cover different forms of electronic documents and also distinguish how the policy will be applied to those different forms/classifications.
I thought your video was a very good resource that supports and summarizes, while outlining key details of your policy to new employees of Fox3T. However, based on that type of scenario that was referenced in your video, I will have imagined that your policy would have somewhat addressed the use of a centralized storage/repository system whereby all employees working on company projects will be mandated to store files (i.e source code, design plans, requirement docs etc.) pertaining to the project/product. Other than that, I though your policy delivered the intended message to employees of Fox3T, which is key.
Some questions that I had after watching the video and reading the policy:
– According the video, the IT department bears the burden of actually destroying the document. How are they going to become aware of a document reaching passing it’s retention period? Are end-users or department managers tracking this? Is software?
– Retention Policy seems to be a great instance where least privilege/access control can come into play. Perhaps non-IT employees cannot erase electronic documents? Maybe something like Google Documents and how they handle version control?
My intent isn’t to sharp shoot the group, just share some thoughts.
I meant to comment on this earlier, but it’s been a busy week.
– We didn’t mention this in our policy or video, but there is software now that tracks electronic documents. I only know from a law firm perspective, but generally most law firms use Document Management Systems (DMS). Some major players are NetDocuments and Filesite. Through the DMS, documents are stored within folders in a client/matter file. From there, documents can be deleted. So for example, is a certain matter is being disposed of and all material is required to be purged, then the physical records will be purged as well as the electronic records. In this example, when searching for electronic documents to be purged, any document that has the to-be-purged matter number in it’s meta-data will be purged.
– Typically, in a DMS the privilege to delete isn’t available, but that may differ per DMS. Usually the permission to delete a document is only given to the administrator, which is usually someone in IT.
I appreciate your comment, because it made me think about some aspects of our policy.
Above we’ve provided the file for the video. If anyone would like to view the video on Youtube, please follow the link below.
https://www.youtube.com/watch?v=7N4m22NsApw
Thank you!
Kudos on the retention schedule. I think that it effectively communicates what to retain and for how long. I like that you identified categories of documents, specifically:
A. Accounting and Finance
B. Corporate Records
C. Project Documentation
D. Source Code and Designs
E. Correspondence and Internal Memoranda
F. Legal Files and Papers
The owner of the document and policy is clear; having a direct point of contact could be useful for an end-user. Also, you identified the requirement to adhere to laws and regulations for retention. I recall that if a court ever requests electronic information, document retention is critical. It might help to emphasize that the policy supports corporate governance and would support the organization in legal matters (prevention and litigation).
I like the way you laid your policy out. By going through each portion of records created by the business and then giving the retention schedule would allow an employee to easily discern what to do with a record if they were unsure of how long to retain the record. The only area I was a little concerned with is Section II. Scope where the “note” portion directed readers that retention requirements could be mandated by other sources, and that those sources hold precedence over the policy, but failed to give employees any direction to what some of those sources could be or where they could be found. Outside of that, your policy is very easy to understand which is probably most important.
This is awesome, i have learnt so much from your Policy on Electronic Retention,i specifically like the example of the different types of documents and retention periods. For some reasons, i always thought all documents must be kept for 7 years, and i see that there are different retention periods for different documents.
If i may clarify, page 6 of the policy talks about data destruction being a critical component of the data retention policy, it is legal to actually destroy data once the retention period is over right ?? And are we talking about permanent destruction ? as in destruction where the information can not be retrieved again? i know there are different types of Data destruction like Wipe/Clean (USB), reimage/Overwrite (tape) etc.
But has there ever been any situation where data was destroyed after the retention period was up, and is afterwards being required for legal reasons ? Is it acceptable to the courts to say the retention period was over and data has been destroyed (with Certificate of destruction as proof) ?
Team 3, I found your policy on Electronic Document Retention informative and detailed. The comprehensive breakdown used for your record retention schedule would be extremely useful for an employee to reference. In you video, I liked the exposure risk/liability portion where the Carlucci v. Piper Aircraft lawsuit was used to enforce the policy need and to abide by it. Overall, great job.
Team 3,
This was a very good policy and presentation. The format of the policy and retention tables made it very clear how the business manages data retention. Additionally, the video was a good complement to the policy at pointing out the consequences for not following the rul
Very well done policy and video. I liked how the policy had specific rules and retention periods in regards to different types of documentations. The policy was detailed enough where it even included internet cookies, which would probably be overlooked by a majority of companies.
Team 3,
This is a very well structured and detailed policy on Electronic Document Retention. It was good to see how in-depth your policy was, and able to cover different forms of electronic documents and also distinguish how the policy will be applied to those different forms/classifications.
I thought your video was a very good resource that supports and summarizes, while outlining key details of your policy to new employees of Fox3T. However, based on that type of scenario that was referenced in your video, I will have imagined that your policy would have somewhat addressed the use of a centralized storage/repository system whereby all employees working on company projects will be mandated to store files (i.e source code, design plans, requirement docs etc.) pertaining to the project/product. Other than that, I though your policy delivered the intended message to employees of Fox3T, which is key.
Some questions that I had after watching the video and reading the policy:
– According the video, the IT department bears the burden of actually destroying the document. How are they going to become aware of a document reaching passing it’s retention period? Are end-users or department managers tracking this? Is software?
– Retention Policy seems to be a great instance where least privilege/access control can come into play. Perhaps non-IT employees cannot erase electronic documents? Maybe something like Google Documents and how they handle version control?
My intent isn’t to sharp shoot the group, just share some thoughts.
Andres,
I meant to comment on this earlier, but it’s been a busy week.
– We didn’t mention this in our policy or video, but there is software now that tracks electronic documents. I only know from a law firm perspective, but generally most law firms use Document Management Systems (DMS). Some major players are NetDocuments and Filesite. Through the DMS, documents are stored within folders in a client/matter file. From there, documents can be deleted. So for example, is a certain matter is being disposed of and all material is required to be purged, then the physical records will be purged as well as the electronic records. In this example, when searching for electronic documents to be purged, any document that has the to-be-purged matter number in it’s meta-data will be purged.
– Typically, in a DMS the privilege to delete isn’t available, but that may differ per DMS. Usually the permission to delete a document is only given to the administrator, which is usually someone in IT.
I appreciate your comment, because it made me think about some aspects of our policy.