Retain different backups for different fixed periods.
Differentiating different sorts of backups based on their retention time is a sound practice. The most common approach is to (a) schedule incremental backups (where only changes are backed up) on a nightly basis and retain these for a month, reusing the same media on the same day each month. (b) schedule full backups on a weekly basis, saving these for a month and reusing the weekly backups every month. (c) retain monthly full backups for two years. (d) use the last monthly backup of each year as the annual backup and retain it indefinitely. This scheme creates overlapping backups so that even if one fails others will be available with much of the same data.
Retain backup data, like all content, based on a
business value assessment, legal, and contractual requirements.
Backup retention periods should be based on the business value of the information in the backups, its availability for use, the capacity of the backup solution to retain data for long durations, and legal or regulatory retention requirements. This ultimately requires that a valuation of data relative to its retention value be made. This is strongly advised for any company of substantial size and is often mandatory for any company that has regulatory compliance requirements. In this analysis, results should include retention time requirements as well as business value associated with retention or loss. Based on this assessment, backup retention requirements, data classification, and backup processes can be defined suited to the need. This also implies the need to consider data life cycle considerations, and this is critical for compliance with court orders and other similar legal and regulatory compliance matters. In data life cycle issues should be considered including duration of retention for normal legal purposes and tracking of data on backups so that court orders to retain data can be fulfilled in backup media as well as in primary systems. For more details on retention and disposition issues refer to The Sedona Conference at https://thesedonaconference.org/
Don't worry about retention periods.
This approach historically leads to backup failures and loss of business value. In some cases this results in business failure, while in other cases very expensive forensic processes result from inadequate backup retention.