Flexible Retention Policies including ability to override existing policies if necessary
The inflexibility of current retention policies does not allow customers to meet all of their legal obligations. Currently, if a retention policy is placed on a document, it is not possible to permanently delete the document before the retention period is completed.
While these retention policies settings may work (and are required) for FINRA compliance, they cannot be used for all use cases. For example, if an organization reaches a legal settlement, and part of the settlement is the destruction of certain content (either one user's content or content specific to the case), this request cannot be completed.
Josephine Conneely
shared this idea
Introducing modifiable retention policies in Box Governance!
Box Governance allows organizations to manage their content’s lifecycle by powering business processes with flexible retention schedules, preserving content for defensible discovery, and managing the disposition of content. From the start we built Box Governance for highly regulated industries and our existing retention policy type was intentionally designed to be non-modifiable. As Box has grown, we have seen the need to expand our retention policies and are excited to announce Box Governance now has two types of retention policies - modifiable and non-modifiable.
Modifiable retention policies will provide flexibility as external regulatory environments or internal governance policies change. Modifiable retention policies allow customers to implement retention policies with the ability to modify them later. This will allow for both the creation and modification of policies, including shortening of retention policies, as well as making policy changes retroactively to content already under retention. For our customers who need to comply with SEC/FINRA Rule 17a-4, there’s no need to worry. Going forward, when a policy is created your Box Admin can specify if it is modifiable or non-modifiable. Non-modifiable policies can continue to be used to help you meet SEC/FINRA retention requirements.
We also added the ability to expand non-modifiable retention policies without being modified. Box Admins have the option to extend the retention time period duration to meet regulatory or internal compliance needs, while still remaining SEC/FINRA compliant.
Learn more about Box Governance and stay tuned for more information on these upcoming features!
See our retention support page for more information about modifiable retention.
-
Hi Everyone!
We are pleased to announce that modifiable retention policies will be released July 2022! This is a new type of policy that will allow you to edit all fields of a policy after the policy is created. Current policies, now called non-modifiable policies, will not be modified during this release and still be available for creation. Please contact your CSM to learn more!
Best,
Will Carlson
Sr. Product Manager -
Anonymous
commented
As mentioned by the above customer, the ability to adhoc delete content to ensure all legal obligations are met e.g. GDPR requirements, while having retention policies in place to meet other critical business and legal requirements is critical for our business and for many. This is not current possible which presents risk and overhead.
-
AdminChristopher Drubka
(Admin, Box)
commented
Currently, files can have their retention timeframe extended by moving it to a more conservative (longer) folder. However, this is not possible to do to shorten the policy. We need this functionality to avoid additional risk when our internal or regulatory standards change.