Data Destruction vs Data Retention?

Wed, Nov 28, 2018
By: Steve Clopton
Data Destruction vs Data Retention?

Dealing with your company’s valuable data requires care and attention. It’s your responsibility to safeguard your clients’ privacy and adhere to any regulations that apply to the storage and destruction of the data you collect.

At Gilmore Services, we provide both data retention and data destruction services to our clients, working closely with them to ensure that their data is being properly handled. Here’s what you need to know to ensure that the timing of your data destruction is correct.

Understand Applicable Regulatory Requirements

The first step to ensuring that your timing is correct when destroying data is to know which regulatory requirements apply to the data you store for your business. Different industries have different requirements. Most require you to keep data for a fixed amount of time and then destroy it according to a predetermined schedule.

Probably the best-known regulatory requirement is the Health Insurance Portability and Accountability Act, or HIPAA, which applies to patient privacy and the storage and distribution of health-related data. Another regulation that may apply if you store credit card information on behalf of your clients is the Fair and Accurate Credit Transactions Act, or FACTA.

Companies in the finance sector may also be required to adhere to regulations laid out in the Sarbanes-Oxley Act, which governs things like corporate disclosure and audit requirements.

Once you know which regulations apply to your data, you can use that information to create a data destruction schedule that works for you.

Store Your Data Safely

Any documents that you are required to retain must be stored safely and properly. It’s your responsibility to maintain proper records in good condition. During the retention period specified by the law, your records must be available and accurate.

Regulations apply both to paper documents that you store on site or with a document storage company like Gilmore Services. They also apply to data that’s stored in the cloud or on a hard drive.

Any data that is stored electronically must be protected with a firewall, anti-virus and anti-malware software, and other security measures as needed. Many companies use a “least required” system to limit employee access to sensitive data. That means only people who need access get it.

Paper documents must be protected against environmental damage. They must also be stored in an environment free of rodents and pests that might damage them.


Partner with an Experienced Data Destruction Company

Perhaps the best way to ensure that your data destruction is done in accordance with regulations and in a timely manner is to partner with an experienced data destruction company like Gilmore Services.

Ideally, you should look for a company that has an active certification from the National Association for Information Destruction (NAID.) A NAID certification tells you that the company in question uses equipment that meets Department of Defense standards and adheres to all requirements of HIPAA, FACTA, and the Sarbanes-Oxley Act. Gilmore Services has a AAA certification from NAID.

You should also look for a company that offers Downstream Data insurance to clients as part of their service. Only companies with a NAID certification can qualify for Downstream Data. This provides clients with:

  • Coverage of data breach notifications up to the policy limit
  • Professional liability coverage to protect you and your data

We include Downstream Data at no extra cost. Not every document management service offers insurance to its clients, but we feel it’s an important thing to do.

A good document management company will work with you to ensure that you adhere to all requirements both in the way your data is stored and the way it is destroyed. Data destruction rules apply both to physical data (documents and files) as well as to digital data. Removing data from a hard drive requires special training and equipment.

It’s a good idea to partner with a company that will remind you of data destruction requirements and come to you to get documents that are scheduled for destruction. As a reminder, Gilmore Services offers on-site and off-site destruction of sensitive documents.


Your clients expect you to keep their personal data safe and secure. It’s your responsibility to destroy data according to regulations and partnering with the right data management company can help you do that.

To learn how Gilmore Services can help your company with data retention and destruction, please click here for more information.