European firms hoarding data despite strict retention laws
3 October 2013 | 0
According to research from PwC for Iron Mountain, more than a third (35%) of smaller European firms are risking prosecution under data retention laws by hoarding data beyond the scope and period required by law.
The study found that more than 35% of firms across Europe admit to keeping all their employee, customer and financial information ‘in case it is needed’.
European data retention guidelines are complex and vary widely between member states. While the average retention period for information is around six years, it can range from three months for customer complaints to more than 20 years for secrecy or patent agreements. Furthermore, the data retention laws are subject to frequent change.
By industry sector, manufacturing and engineering firms were the worst performers, according to the study, with almost half (45%) holding on to everything. These firms are also twice as likely (at 10%) as most other sectors to have no company-wide document retention policy in place. Perhaps surprisingly, in view of the sensitivity of the data handled, the financial services sector is not far behind, with 39% keeping everything and 9% having no company-wide policy.
"Today, each organisation is increasingly aware of the possibility of litigation and this creates a reluctance to destroy original documents," said Colin Rooney, partner, Technology and Life Sciences Group, Arthur Cox. "That in turn creates spiralling storage costs and a potential breach in data protection law, in retaining personal data for longer than necessary."
In effort to help firms deal with this potentially damaging situation, Iron Mountain and Arthur Cox have published a Document Retention Guide covering Irish data retention requirements to help firms introduce compliant retention policies. The guide enables firms to understand the types of documents they hold, the legislation that affects them, and offers practical tips on document retention.
"Information is the life blood of a business, but taking care of it from a legal perspective can be a major headache for firms, particularly those with operations across Europe," said Jim Morrison, sales director, Iron Mountain Ireland. "We have drawn on our experience gained working with some of the largest pan-European firms to understand the main compliance challenges companies face. In an age of big data, an empowered customer base and an increasingly litigious business environment, companies of all sizes need to have robust records retention policies. This guide offers practical help to all those firms who are simply hanging on to everything."
Caroline O’Gorman, associate, Arthur Cox, added "document retention laws are constantly changing and, together with different applicable retention periods in each member state, can become a minefield to navigate".
"A data breach is every firm’s nightmare," concluded Morrison. "Every organisation has a duty to its employees, shareholders, suppliers and customers to hold information in a way that is secure and responsible. Achieving this can be complex and time-consuming. The publication of the new Retention Guide will help many firms to meet this challenge."
The guide can be downloaded free at http://www.ironmountain.ie/compliance/retention-of-records/