An annual review of your retention schedule is not just a compliance exercise—it’s an opportunity to align with business and regulatory changes, engage stakeholders, verify privacy compliance, and ensure your organization is audit-ready.

During a recent webinar, “Retention Schedule Revamp Techniques for Improved Privacy, Compliance, and Efficiency,” Brenda Barnhill, Director of Information Governance at Access, T’Don Marquis, Director of Digital Solutions at Access, and Rebecca McIntyre, Security Specialist, Principal Data Protection & Privacy at American Electric Power, provided practical insights from their vast experiences regarding retention schedule updates.

Retention schedules form the backbone of compliance and privacy in any organization. Therefore, it’s important to ensure they remain up to date. As you conduct your organization’s next retention schedule annual review, here are seven key considerations to keep in mind.

1. Aligning with Business Operations

Rebecca McIntyre on Aligning Retention Schedules and Choosing Virgo by Access

During the discussion, Brenda Barnhill pointed out, “We need to understand if your business operations have changed. Do you have a new line of business? Have you had any mergers and acquisitions activity like a divestiture?” With business changes come changes in the regulations that apply to you.

Reassess your retention schedule each year to ensure it reflects any updates or modifications in company-wide functions, organizational roles, processes, or services. Changes in the business landscape can significantly influence your data and record-keeping requirements.

2. Reviewing Legislation and Compliance

T’Don Marquis on Efficient Retention Schedule Management for Compliance

Your annual review process should include research for any new regulations, law amendments, or compliance requirements relevant to your organization.

T’Don Marquis explained that most US-based companies are subject to between 8,000 and 20,000 laws and regulations across retention, privacy, statutes of limitation, and other types of requirements. Global organizations must keep track of 30,000 or more and upwards of 100,000 depending on how many countries they operate in.

Many records managers work with inside or outside counsel to research changes in regulations and determine which ones affect the organization’s retention schedule. However, some (like Rebecca) find legal research software to be a more effective and time-saving resource.

3. Ensuring Quality Research

The quality of your research not only dictates your ability to comply with laws and regulations, but it also plays a crucial role in the general effectiveness of your business operations. This involves making sure that all data points in any citation are accurate, necessary, and provide practical applications. It also involves confirming that all citations align with your retention schedule.

During the webinar, Brenda emphasized the importance of ensuring that “every data point in any citation is accurate and meaningful.” The responsibility is on the organization to not only acquire information but to verify its authenticity and applicability before incorporating it into the retention schedule.

4. Stakeholder Identification and Collaboration

An overlooked aspect of many companies’ procedures for maintaining their retention schedule is the involvement of different internal stakeholders. Collaboration between the various departments is key in making informed decisions about the retention schedule. When everyone is on the same page, the entire process is smoother.

However, turnover can make getting in touch with the right people a challenge. Rebecca McIntyre reflected on her experience in updating their retention schedule at AEP and stressed the importance of maintaining an updated list of contacts.

5. Updating Privacy Classifications

Privacy regulations are constantly changing. For example, in the US, privacy laws were traditionally established to prevent or mitigate harm, but more recently, they’ve been rooted in the belief that individuals own their personal information and thus have the legal right to control it. As such, it is pivotal that we routinely refresh our retention schedules so they continue to be effective and relevant.

Assigning appropriate privacy classifications is a key procedure of privacy management. Record owners must be vigilant and proactive in updating or assigning these classifications during the annual review to guarantee alignment with privacy laws. If new types of data or information have emerged, evaluating the necessity of new privacy classifications or revisions becomes crucial to maintaining data protection.

6. Implementing Metrics

Rebecca McIntyre talked about incorporating metrics for better tracking and reporting, such as compliance and records disposal rates. Evaluating these metrics is essential to ensure systematic tracking, data-driven decisions, and a clear representation of the progress and effectiveness of the retention schedule. They also aid in identifying and rectifying gaps in the process.

7. Track Changes for Audit Readiness

Rebecca McIntyre and Brenda Barnhill on Embracing Audits Driving Information Governance Forward

Finally, one of the most important considerations highlighted by T’Don Marquis is the need to be audit-ready. A records audit formally assesses how your organization controls who recovers, changes or owns a particular record. During this process, the auditor scrutinizes your files from both legal and practical perspectives and provides a comprehensive report outlining recommendations for record retention or potential disposal.

To prepare for an audit, you need an effective way to track changes made to your policies and record systems. Proactively tracking changes allows for better visibility and control over company data and forms a crucial component of a successful retention schedule review.

The seven key considerations outlined here provide a comprehensive framework for a thorough and effective retention schedule review process. By implementing them in your next annual review, you can boost compliance, improve privacy, and promote collaboration within your organization.

For additional insights on conducting an annual retention schedule review from Brenda Barnhill, T’Don Marquis, and Rebecca McIntyre, watch Retention Schedule Revamp Techniques for Improved Privacy, Compliance, and Efficiency.

To learn more about Virgo, our cloud-based legal solution that informs your privacy and retention policies by providing continuously updated legal research in 220+ jurisdictions worldwide, request a free 30-minute consultation and demo with our privacy, policy, and security experts.