From DataDobi, Out of Sight, Out of Mind? Dangers of Forgetting about WORM Data Retention Periods
StorageMAP can identify files that have exceeded retention period, and then produce lists of those files so that they can be acted upon, either by moving them to different storage system or deleting them.This is a Press Release edited by StorageNewsletter.com on May 25, 2023 at 1:01 pm
By Michael Jack, CRO and co-founder, Datadobi, Inc.
Out of Sight, Out of Mind? The Dangers of Forgetting About WORM Data Retention Periods
Importance of storing certain data under WORM control
WORM data stands for ‘Write Once, Read Many’ data, which refers to storage that allows data to be written only once and then read many times, but cannot be modified. WORM data is required for a variety of reasons, particularly in industries where data integrity, authenticity, and long-term preservation are critical.
Examples include financial services, healthcare, legal, telecommunications, and government sectors. In these industries, WORM data is used to store important records, such as financial transactions, medical records, legal contracts, and government archives. The data is stored in a format that cannot be altered or deleted, ensuring that the information is preserved in its original state and that it is available for audit or legal purposes if necessary. WORM data is also used to protect vs. data tampering and ensure compliance with various industry regulations, such as SEC Rule 17a-4(f), HIPAA, and GDPR.
In response to these requirements, storage vendors have incorporated WORM capabilities into their systems. These capabilities allow for the creation of special storage areas where data can be stored for a specified period of time without being deleted or modified. The retention date of each file is stored individually as it may vary. For instance, some files may need to be retained for 7 years while others may need to be kept for 10 years, and so on.
Risks associated with storing WORM data beyond required retention periods
While it is critical to be able to ensure that WORM data is stored for the required retention period, it is equally important to be able to identify when the retention period has expired and the necessary next steps to be taken, for several reasons.
First, retaining data beyond the required retention period can result in unnecessary storage costs and consume valuable resources.
Second, storing data beyond the required retention period can also increase the risk of data breaches, as the longer data is stored, the more opportunities there are for unauthorized access or theft.
Third, it can also create legal and regulatory risks, as organizations can be held liable for retaining data that they are not authorized to keep.
And last but not least – in fact many might argue most importantly… any legal e-discovery activity resulting from litigation would capture all the organization’s data – that is, all the data that is still required to be retained, as well as all the data that could have been deleted.
It’s time for a WORM data governance plan
The first step in overcoming these challenges is the development of a ‘WORM Data Governance Plan’. Ideally, it should involve various groups within the organization and provide clear policies and guidelines for managing and protecting data. This includes specifying retention periods, data classification and labeling, and implementation of data access controls, encryption, and monitoring tools. Regular audits and assessments should be conducted to identify vulnerabilities and ensure compliance with relevant regulations.
Groups involved in the development and implementation of the data governance plan include IT professionals, legal and compliance teams, business units, and risk management and audit teams. A collaborative approach involving all relevant groups can ensure the plan is comprehensive, effective, and tailored to your organization’s needs and goals.
Simpler in theory than in practice
Unfortunately, it can be difficult to keep track of WORM data retention periods, especially when dealing with a large amount of data stored in this format. While some storage systems that house WORM data may have functionality that allow for ‘retention release’ not all applications that write data can track retention periods and prune datasets as needed. Even in cases where an application has this functionality, it can be brittle due to the loose coupling between the data being stored, the storage system(s), and the application’s visibility to that data.
Improve WORM data governance and reduce risks with StorageMAP
There is a solution that can help you mitigate these risks and improve your data governance practices: StorageMAP that can identify files that have exceeded their retention period; it can then produce lists of those files so that they can be acted upon, either by moving them to a different storage system or deleting them
In conclusion, a well-managed WORM data environment can offer benefits for organizations. By effectively managing WORM data throughout its lifecycle, organizations can enhance their compliance posture, improve operational efficiency, and build trust with customers and stakeholders. Investing in a comprehensive data management solution, such as StorageMAP, can help organizations to achieve these benefits and set themselves apart from their competitors.