Defining a document retention policy is now necessary across a wide range of industries and businesses. Certain records must be deleted after a certain period of time for compliance, while others need to be removed because they contain outdated and potentially dangerous information.
As technology has evolved, however, it has become increasingly difficult to enforce these policies. New documents are now created at a stunning rate thanks to enhanced word processing software and the millions of automated technical, test, financial, security and customer reports created each day.
To add to this, while at one point most documents stayed on a business’s internal network, these days that’s increasingly uncommon. With the increase in work-from-home setups, cloud storage, and the ease of sharing, files are spread out all over the place. They could be on the internal network, with a third-party partner, on an employee’s home laptop and phone, or in the cloud.
As you can imagine, controlling documents across this broad range of networks and devices where you don’t have direct control isn’t an easy feat. Making things worse is the fact that copies of files can be made trivially, so you don’t just have to track down and remove access to the original file – but also each copy of it. There can also be screenshots of the document floating around or conversions to different formats, making this task near impossible.
Enforcing document retention with DRM
Digital Rights Management (DRM) systems provide a quite effective solution to these problems. By applying protection to the document before it is distributed, they’re able to ensure document retention enforcement regardless of where the document travels or which device it’s on. On top of this, it makes the copying of documents extremely difficult, so you no longer have to worry about tracking down those duplicates.
To achieve this, the best DRM solutions convert a PDF into a new encrypted format that’s only viewable in a bespoke viewer application by someone who has a license to do so. The application can enforce whatever controls were added at the time of the document’s publication, including (but not limited to):
- Automatic document expiry/revocation based on:
- A fixed date
- Number of days after opening
- Number of views
- Number of prints
- Manual remote revocation/deletion
- Anti-copying controls
- Printing controls (No printing or a certain number of prints)
- Anti-screenshotting controls
- Locking to specific devices
- Locking to specific locations
- Document view and print tracking
- Dynamic watermarks
- Anti editing and conversion controls
- API integration for automatic and batch protection
- Partial and full offline use
When an expiry period is defined in advance, the secure viewer application will check the end of life date of the document against the current date. If the document is not an offline one, this will happen against a server, which will also check whether the user has been revoked on an individual level.
If a document is revoked or has an expiry date set or changed after the fact, the process is similar. The document’s validity will be checked against the new date or revocation status on the server and the user will be denied access if the conditions are met.
It’s important that the system works this way, rather than just deleting the document, due to the proliferation of backups. If you simply delete the document from users’ devices, there’s no guarantee that they cannot restore the original file from a backup or copy from a messaging/ cloud service. By instead making the document inaccessible without a valid license, you ensure that even if they were to restore a copy, the application would still deny access.
In the case of a web-based viewer, the file is typically downloaded anew each time they’re used. By checking the expiry date and revocation status against the server when this happens, DRM can just stop the document from being opened when necessary.
While these systems may not be practical for every type of file, such as one that needs to be automatically read by different software, those files are likely to be within the reach of your internal network anyway.
For most file types and use cases, then, document DRM presents itself as a very attractive way to enforce document retention across a broad range of devices and locations. As well as doing its job well, it typically requires little overhead and isn’t too expensive to obtain a license for. This makes it pretty much a no-brainer for any business struggling with document retention.