Archiving data requires creating a strategy for long-term data retention. This strategy is usually determined in collaboration with IT, line of business and legal teams. This strategy could be impacted by one of two types of requirements – internal requirements, where for example a company must keep all customer records accessible and online for a period of 24 months, or requirements that stem from government regulations like Sarbanes-Oxley, HIPAA, PCI, etc. For example, HIPAA requires that medical records be retained up to two years after a person’s death. Sarbanes-Oxley requires audit data be kept for seven years after the conclusion of the audit and CFR (Life Sciences) requires that pharmaceutical companies retain clinical trial data for 35 years. Requirements are extremely stringent for companies that must retain data for legal purposes, and most are not prepared to hold data for such long time frames, let alone guarantee it hasn’t been altered in any way.
Categories