Data retention is an issue at the forefront of everybody's minds right now. Sarbanes-Oxley has a seven-year requirement. Gramm-Leach-Bliley, HIPAA and the new PCI requirements all require data retention in some form. In any case you need a policy. Some tips from practitioners: Understand your industry and the specific requirements; get a grip on email and instant messages and other communications; and consider automated solutions. Electronic content management systems seem like a luxury for a lot of companies, especially nonaccelerated or nonfilers. But you would be wise to consider the savings against the cost. It would be more wise to invest now rather than suffer later.  

For more:
- here's an article [1] from Business Review

Related Articles:
Corralling data retention may require major steps. Article [1]
Is your reference data in shape? Article [1]