Business Data Retention – Best Practices

What is the first (best) practice in the email retention space?

If you have a question about what business data to retain consult your attorney to ensure that you are in compliance with all federal, state, and local regulations. You will also want to ensure that you have documented retention requirements for your clients, and that your staff and vendors know how to address them in the services you provide.

Retention requirements vary widely, as you can see in the list below:

• Internal Revenue Service (US IRS): seven (7) years

• Payment Card (PCI DSS): one (1) year

• California Franchise Tax Board (CA FTB): four (4) years

• DISA Security Technical Implementation Guides (STIG): one (1) year

• Many State Revenue Departments: three (3) years

• HIPAA Section 164: six (6) years

It gets even more confusing. For example, medical records retention is set by each state.

In the state of California, that looks something like this:

• Adult patient records: seven (7) years

• Minor patient records: one (1) year after the patient reached the age of 18, but at least 7 years

If you are confused, consult legal counsel.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.