Third of European Firms Hoard Information Despite Retention Laws

Europe’s mid-size businesses could be exposing themselves to significant data protection fines by keeping too much information for too long, according to a research from storage and information management company Iron Mountain Incorporated.

The study found that over 35% of firms across Europe admit to keeping all their employee, customer and financial information "in case it is needed."

European data retention guidelines are complex and vary widely between member states. While the average retention period for information is around six years, it can range from three months for customer complaints to more than 20 years for secrecy or patent agreements. Furthermore, these laws change frequently.

In terms of industry sector, manufacturing and engineering firms are the worst performers, with around half (45%) holding on to everything. They are also around twice as likely (at 10%) as most other sectors to have no company-wide document retention policy in place. Surprisingly, in view of the sensitivity of the data handled, the financial services sector is not far behind, with 39% keeping everything and 9% having no company-wide policy.

Iron Mountain and De Brauw Blackstone Westbroek have published a Document Retention Guide that can be downloaded (registration needed) covering Europe’s 15 main jurisdictions to help firms introduce compliant retention policies. The guide enables firms to understand the types of documents they hold, the legislation that affects them, and offers practical tips on  document retention.

"Information is the life blood of a business, but taking care of it from a legal perspective can be a major headache for firms, particularly those with operations across Europe," said Marc Delhaie, CEO, Iron Mountain France. "We have drawn on our experience gained working with some of the largest pan-European firms to understand the main compliance challenges companies face. In an age of big data, an empowered customer base and an increasingly litigious business environment, companies of all sizes need to have robust records retention policies. This guide offers practical help to all those firms who are simply hanging on to everything."

Lokke Moerel, ICT partner at De Brauw, Blackstone, Westbroek and professor Global ICT law at Tilburg University, explained the problem: "Multinationals find themselves in a paradoxical situation. On the one hand, they face growing volumes of information and spiralling storage costs; yet, on the other, they feel compelled to hoard their information to avoid falling foul of complex and changing retention laws. Ironically, it is just as dangerous to hold onto something for too long – such as personal data or unsuccessful job applications – as it is to destroy it too soon – such as health and safety records or email correspondence that could be required for a lawsuit. With frequent changes to document retention laws and cross-border differences, it is hardly surprising that many firms don’t know where to begin."

"A data breach is every firm’s nightmare," concluded Delhaie. "Every organisation has a duty to its employees, shareholders, suppliers and customers to hold information in a way that is secure and responsible. Achieving this can be complex and time-consuming. The publication of the new Retention Guide will help many firms to meet this challenge."

                      Retention management                   
Employee records, customer records and financial records are all governed by legal retention periods. As a business, how do you manage this?