data retention regulations

Data retention regulations may apply to almost all of the data in your business, but could it be made easier to successfully manage the data and mitigate financial risk from fines or data breaches?

Navigating the regulatory environment is a minefield, given that there are data retention regulations for the financial services industry across both the international and national levels, as well as from regulating organisations.

Keeping records for a long time has both pros and cons, and reasons for storing data varies from business to business. Financial records such as Profit and Loss statements or payroll are analysed for audits, or by management when making strategic decisions, such as for investments, expansions, or laying off staff.

Most businesses want to keep contracts and sensitive files in case of investigations, legal issues etc, which not only counts towards Chain of Custody in case of an investigation or legal case, but records are important for due diligence – often used during takeovers or when selling a business or investing.

Especially with the high degree of trust customers place in financial services firms with their livelihoods, keeping accurate records for as long as possible maintains that trust and protects reputation.

Why are there data retention regulations for financial records

Data retention regulations protect the population from having their sensitive information leaked or hacked, protect financial services firms, and protect the overall economy from risk.

Breaching these regulations means penalties, that vary across the world:

  • Hong Kong – Up to HKD$100,000
  • United Kingdom – Up to £17.5 million or 4% of annual turnover
  • Europe (GDPR) – Up to €10,000,000 or 2% of annual turnover
  • United States (17 CFR Part 210 & CCPA) – Up to $7,500 (Different states however have different regulations, such as California stronger laws are in place with heavier penalties).
  • Canada (PIPEDA) – Up to $100,000 CAD
  • Brazil (LGPD) – Up to $11,000,000
  • Others – + $500,000

What records are usually retained?

Data is kept for an average of 7 years, and key records that are usually stored are no surprise;

  • Accounting records
    • Bank statements
    • Deposit slips
    • Taxes
    • Payroll
    • Purchase orders
    • Employee expenses reports
  • Insurance records
    • Incident reports and claims
    • Policies
    • Safety reports
  • Legal documents
    • Agreements
    • Contracts
    • Employment contracts

Aside from storing these records, staff at financial services firms often share them with each other for meetings, pitches, reviews, and so forth. Often leaving sensitive information in vulnerable positions.

And this is the most crucial reason why financial services firms need a complete data retention strategy – not just for their records (in storage) but also their communications systems, where records could lurk for years after they’ve been deleted from other systems in compliance with regulations. This includes WhatsApp, WeChat, and other instant messengers, and internal collaboration software.

CINNOX keeps financial services in-line with data retention regulations

CINNOX provides a comprehensive data retention package which covers all customer data, communication records, and any shared media such as files.

  • Instant messengers, such as WhatsApp, are integrated with CINNOX so conversations and shared records between staff – staff and staff – customers over instant messengers are backed up and deleted in-line with the data retention policy you define
  • This also includes all communication between staff on CINNOX, such as video/audio conference recordings, group chats, and shared files
  • Data is only retained on the CINNOX servers for the scheduled period
  • Data is backed-up and uploaded to your secure file server using a strong encryption channel (RSA cryptosystem)
  • Files are encrypted and saved as a ZIP file with a password before uploading to your secure file server
  • You can generate your own encryption keys within the CINNOX system
  • All retention logs are available
  • NEW: Online mode gives you this feature to sync your files with your database like MongoDB and define different permission for your team to access from CINNOX Retention Portal
  • CINNOX is safe, secure, and compliant with rigorous testing to ensure the latest security and encryption standards

Whatever your business model, regulatory organisation, or country, CINNOX is able to tailor a comprehensive and secure data retention package for your unique requirements. Talk to us today to find out more.

Read more: Everything you need to know about data retention


References for data retention regulations:

Magazine Arma summary of retention regulations

ICPAS – retention regulation guidelines

SEC