Data Retention Policy



This data retention policy is a boiler plate template that defines the scope, policy and compliance terms for corporate computer users who create, edit or maintain corporate data on their desktop computer and portable devices.  Enforcing this policy is an important step for any company in which proprietary information is crucial to it’s security and ongoing success.  You may download the entire policy template in Microsoft Word format for free by clicking the “download now” button above.

Read on below for excerpts from the actual policy:

1. This policy applies to all _COMPANY employees who use the corporate computer network to create, edit, or maintain corporate electronic data.
2. This data retention policy applies to all computer systems except the corporate electronic mail system.  The data retention policy for electronic mail is addressed in the Email Archiving Policy.
3. This policy does not apply to the retention of paper records

The following rules define _COMPANY’s policy regarding the retention, storage and archiving of corporate electronic data:

1. For the purpose of this Policy, the phrase “electronic data” refers to all files stored in authorized locations on the network.  Authorized locations on the network include, but are not limited to, folders mapped to My Documents for authorized individual users, department-level folders accessed by multiple users, and resources such as the corporate intranet that may be accessed by all _COMPANY users.

2. By default, the IT Department will maintain electronic data for a period of sixty (60) days.  This rule notifies users that the IT Department backups up corporate data on a rolling, 60-day schedule.  The purpose of the backups is to provide operational recovery of electronic data that has been corrupted or accidentally deleted or changed within a 60-day window.

3. Long-term archiving of data is provided only upon request by the Line of Business and approval by the IT Department.  The IT Department will retain corporate electronic data for longer than 60 days only when the owners of the business data submit a written request for a different backup and retention schedule.  Enhanced data retention schedules will be reserved for mission-critical systems and systems for which the data retention schedule is dictated by requirements in local, state, federal, or international laws.

Requests to make exceptions to this policy must be submitted in writing to the IT Department.

Violating _COMPANY Policy is a serious matter that can lead to disciplinary action up to and including discharge.