Monday 26 March 2012

TIME TO THINK ABOUT ELECTRONIC DATA RETENTION POLICY

Organization and retrieval of information are the basis for efficient operation and for compliance with legal requirements in any organization. In government organizations, there already exists a set of well-established processes (and standards) for the management of information stored in conventional paper-based documents. However, in recent times, the digital revolution has marked the beginning of the information age, in which the dynamics of information management have undergone a radical shift. The enhanced capacity and increased flexibility of data stored in electronic format require a new approach to data retention policy, in line with the newly established norms of the digital world.
      
In relation to this, an article was published in CIO.IN with the title 'Indian IT Depts.: Information Retention? We Don’t Care!' on 21st Nov 2011. The article is based on a survey done by Symantec. Excerpts from the article are as under:
1) "...Surprisingly enterprise IT departments don’t think a information retention plan is important"
2) "Currently, India has no central Act which lays down provisions related to data retention laws, according to Symantec"
3) "According to Symantec’s findings, India organizations take an average of 10 days to provide their lawyers with information they need to make an early case assessment--compared to five days globally"

(For details, please refer to http://www.cio.in/news/indian-it-depts-information-retention-we-don-t-care-196462011)

Under the NeGP (National eGovernance Plan), 'State Data Centers' (SDCs) are being established in the federal states/union territories of India. Data retention is being given due importance in SDCs. The provision for data retention has been elaborated under "Data Retention Plan" in section 12 of the 'Guidelines For Technical and Financial Support For Establishment of State Data Centre (SDC)' issued by the DIT (Department of Information Technology, Government of India). Details (as mentioned in the guidelines) are given as under:

"12.0 Data Retention Plan
12.1 The State would formulate an appropriate Data Retention policy and ensure that the data centre architecture supports the same. The Data Retention Policy would be guided by the following factors:
a. Data classification and risk assessment of data.
b. Data Retention Period.
c. Data Security aspects.
d. Disposal of data once the retention period is over."

Ensuring a clear understanding of the classification of data helps in better information processing within an organization. In general, data can be classified on the basis of legal, business and personal relevance. However, the online availability of data on the internet and the use of ubiquitous mobile devices to access data have increased the significance of additional classifications of data on the basis of user authorization, user authentication and sensitivity to security. In future, once the platform evolution of e-government enables seamless information exchange across departments, the expectations for continuous improvement in governance through self-assessment and self-learning processes based on statistical analysis of accumulated data would further increase the complexities of data classification, data exchange and data retention.

To meet the challenge, an early move towards adoption of a data retention policy is important. Systematically designing organizational change management and capacity building to support strategic information management could be helpful in the evolution of next-generation government organizations (or departments), which would manage public data with greater efficiency.

/********************/

Related Information:

A notification has been issued for the 'Policy on Electronic Record Retention & Preservation' by the Departments of Information Technology and Bio-Technology, Government of Chhattisgarh, on 27 SEP 2013. It can be found at the following link:

http://www.chips.gov.in/sites/default/files/No._450_and_451_English.pdf
