One of the most important parts of compliance is information retention. But done poorly it can be a great burden to both compliance and other important considerations in information flows. The biggest issue across the board is “infinite retention”, which organisations can resort to in an attempt to ensure compliance without having to attend to specific guidelines for each document type. There are several downsides to this, however, including the difficulty of effectively indexing the resulting bloated archives, the cost of storing many years of unnecessary files, and paradoxical compliance violations that arise from the inability to find relevant information. Infinite retention can also place organisations in violation of the Privacy Act due to personnel files being retained past their period of usefulness.
A good information management partner makes compliance a simple matter. Archives can be initially audited, then properly indexed for easy content visibility. Destruction is arranged for redundant or unnecessary files to limit the number of files being stored, while sentencing schedules are set up for the rest in line with the relevant legislation. As files reach the end of their lifespan, a good information management partner will initiate two-factor authentication before destroying anything, and provide a certificate of destruction after information has been physically shredded or electronically degaussed.
Find out more in Grace’s FREE in-depth information management report – available exclusively at www.grace.com.au/information/compliance