Data Retention: What to Keep and What to Delete

Data Retention: What to Keep and What to Delete

Data Retention: What to Keep and What to Delete

Overview

Data retention is the practice of keeping records for as long as you need them and removing them when you do not. Good retention protects your company from legal risk, reduces storage costs, and makes it easier to find what you actually need.

Before You Begin

  • Locate your company's data retention policy. Your compliance officer, HR, or legal team can point you to it.
  • Know the categories of data you work with: customer records, financial documents, HR files, project artifacts, email, and chat history.
  • Confirm whether any active legal hold applies to you. A hold pauses normal deletion.

Steps

  1. Read the retention schedule that applies to your role. Most policies set different timelines by data type. For example, financial records often live seven years, while routine email may live one or two.
  2. Save important records in the approved system. If a document needs to be retained for years, put it in the company file share or document management system, not a personal folder.
  3. Delete what no longer has business value. Outdated drafts, expired quotes, and one-off attachments add clutter and risk.
  4. Empty your local downloads folder regularly. Files sitting there are often forgotten copies of data already stored elsewhere.
  5. Archive instead of delete when you are unsure. Most company file systems have an archive area that keeps records out of sight but recoverable.
  6. Honor legal holds. If your legal team places a hold on a topic, project, or time range, stop deleting anything related until they release the hold.
  7. When you offboard from a project, ask the project owner what should be kept. Hand the records off rather than letting them sit on your machine.

Troubleshooting

  • If you are unsure how long to keep something: ask your compliance officer. Defaulting to "keep forever" creates its own risk.
  • If you receive a legal hold notice: follow it word for word. Do not delete, move, or alter anything in scope until it lifts.
  • If you accidentally deleted a record under retention: report it to your manager today. Most systems have a recovery window of thirty days or longer.
  • If your inbox is overflowing: ask your administrator about an automatic deletion or archive rule that matches the retention policy.

Related Articles

Need More Help?

Submit a ticket at support.bostonmit.com or email support@bostonmit.com.

    • Related Articles

    • HIPAA Basics for Everyday Employees

      HIPAA Basics for Everyday Employees Overview HIPAA is a U.S. law that protects patient health information. If your company handles medical records, billing data, or anything that identifies a person and their care, HIPAA shapes how you store, share, ...

    • SOC 2 Awareness: How Your Day-to-Day Supports the Audit

      SOC 2 Awareness: How Your Day-to-Day Supports the Audit Overview SOC 2 is a voluntary audit that proves your company protects customer data the way it claims to. If your company holds a SOC 2 report or is working toward one, your daily habits feed ...

    • CMMC Basics: What You Need to Know

      CMMC Basics: What You Need to Know Overview CMMC is the Cybersecurity Maturity Model Certification, a U.S. Department of Defense program for protecting sensitive government information. If your company does work for the DoD or its contractors, CMMC ...