After much toiling, your new RIM program is off to a successful start. It took effort, but your records have been inventoried and categorized, and their lifecycles mapped. And thanks to some regular and creative training, your meticulously researched records retention schedule is finally in place—and is being widely followed (miracles do happen).
And the best part? Your stakeholders are no longer bashful about asking you questions—a promising sign that organizational RIM awareness is on the rise. But just as you begin basking in your newfound success, a curveball arrives: “how do our retention periods affect records in backup and recovery systems?” a curious stakeholder asks. Suddenly, you’re adrift in uncertainty. Do retention periods cover backup records? What happens to ‘deleted’ data lingering in backups? And how do litigation holds apply to records and information in backups?
If you’re indeed unclear about how to answer these questions, consider yourself in good company.
Backup and recovery systems are often an overlooked but essential piece to any RIM program. In many organizations, backup and recovery systems have been the exclusive domain of IT departments. And while the technical complexity of backup systems requires IT’s expertise, RIM professionals must also have a seat at the table. This means understanding—and often helping establish and maintain—backup and recovery policies and practices to ensures consistency with your organization’s overall RIM strategy.
So, if you haven’t yet considered how backup and recovery fits into your organization’s RIM program, this article provides you some basics.
What exactly is a backup and recovery system?—Understanding your terms
A backup and recovery system stores a copy of your data for quick restoration if the primary data is lost. This loss can happen for many reasons, such as server failure, cyber-attack, or any number of human- or natural-caused disasters. That’s why you’ll also hear backups called disaster recovery systems. Having reliable backups can be a lifesaver if your organization ever loses access to its primary records and information.
Historically, backups were mostly stored on magnetic tape drives, a medium with both advantages and drawbacks. On the plus side, backup tapes require little storage space and their cost is only growing more affordable. On the downside, however, data on backup tapes is only searchable once fully restored, which prevents indexing or organizing their voluminous files. Finding individual records also often requires searching multiple tapes to recreate the multitude of documents existing when the backup was made. And the older the system, the more difficult restoration becomes. Given this, restoring backup tapes for retrieving individual files can get expensive, fast. Nowadays, most backups use cloud-based storage, significantly easing the identification and retrieval of specific records, although tape usage persists.
Backup versus archive systems—A distinction with a difference
Although backup and recovery is used interchangeably with disaster recovery, it’s incorrect to think of your backup system as a records archive—the two concepts serve different purposes. A true backup is concerned only with restoring records and information after an unplanned loss. On the other hand, an archive is where you store long-term records and information that must still be maintained in an accessible form, even if they’re no longer active or are only infrequently used. Vital and historically valuable records are commonly stored in archive systems, which should then be backed up in case the archive is lost.
Your RRS should already account for records relevant to a historical archive, as these records typically come from across the organization and have long-term business value or must legally be retained. Accordingly, once a retention period for a particular record has passed, it should be deleted from archive, even if it’s no longer stored in a separate, active system. Archived records, though, typically have longer retention periods, and many are “forever” records.
So how should I account for retention in a backup system?
Backups, by their nature, should be duplicates of other active or inactive record storage. And, traditionally, most retention schedules have not addressed backup retention. Instead, backup retention has been the domain of separate business continuity and disaster recovery policies. However, integrating backup retention into your RRS is an easy way to enhance its comprehensiveness and functionality.
Where an RRS addresses backups, it should be through one or more separate, dedicated record series. This approach ensures that all copies of a record, regardless of storage method, are removed you’re your organization’s collective systems.
Short retention periods for backups
Because backups are for restoration only, they generally should not be retained for substantial periods, and instead be regularly rotated and overwritten. In a system designed for disaster recovery, it shouldn’t be necessary to restore records and information that no longer exists in a primary system. But that’s not to say backups aren’t being retained longer—often much longer—pursuant to outdated legacy practices.
Owing to the portability and low cost of backup tapes, many organizations have historically retained backups for many years, sometimes indefinitely. Cloud storage compounds this problem for electronic records since there is a minimal physical footprint to backup storage. As tempting as it may be to retain backups indefinitely as a ‘way back’ machine for your organization’s records, perpetual backup storage can set up a direct conflict with your records retention schedule, as records intended for deletion may still exist within your organizational structure for long after. It can also create litigation and data privacy and security concerns, and undermine an otherwise thoughtful defensible deletion strategy.
Whether long-term backup retention makes sense is a conversation you should have with your organizational stakeholders. But unless there’s a compelling reason, the old justification of “just in case” is no longer persuasive when it comes to retaining backup systems indefinitely.
Regular and automated
Backups should be performed regularly and automatically to minimize the risk of data loss. The schedule should be appropriate to your data’s importance and how frequently it changes. Many systems operate on a schedule of daily, weekly, and monthly backups, with an appropriate retention period for each. The following is one example of how this might look in practice:
Daily backups: Retain for 7 days
Weekly backups: Retain for 4 weeks
Monthly backups: Retain for 12 months
Backup system managers often refer to your organization’s recovery point objective (RPO). This shows the maximum amount of data—as measured by time—that would be lost from a system failure, assuming restoration was possible from your most recent backup. For example, with the above backup retention strategy, your RPO would be 24 hours, meaning no more than 24 hours of data should be lost after successfully restoring records and information from the most recent backup.
Do backup and recovery systems affect litigation hold and discovery obligations?
Absent special circumstances, courts are generally reluctant to order the production of data found on backup systems. This is because restoring backup systems can be costly, and backups should ideally only duplicate information stored elsewhere. Thus, a litigation hold under ordinary circumstances should allow the regular rotation and overwriting of backup systems to continue under the established backup retention or policy.
But even with this general rule, context and nuance can drastically alter your preservation obligations—particularly where a backup contains the only copy of highly relevant data. This means it is critical to thoroughly consult with your legal and IT teams before making any decision regarding backups and legal hold or discovery obligations.
Conclusion—working together to ensure a healthy backup and recovery program
As a records manager, you have a duty to help ensure your organization’s backup and recovery systems are in good order and retention and backup and recovery policies are in agreement. Backups are one area where RIM and IT professionals should better understand each other’s roles and responsibilities. When a system failure leads to lost records and information, timely restoration from a backup is your only hope for recovery. Aligning these policies today may be a lifesaver for your organization’s critical work tomorrow.
Disclaimer: The purpose of this post is to provide general education on information governance topics. The statements are informational only and do not constitute legal advice. If you have specific questions regarding the application of the law to your business activities, you should seek the advice of your legal counsel.