End of year is the best time to clean up your firm's data hygiene before things reset for another year of audits, tax lodgements, and client engagements. Here's a five-point checklist you can run in about an hour.

1. Review your active data rooms

Every data room you opened for an engagement this year is a liability until you close it. Pull the list. For each one, ask: is the engagement complete? Is anyone still actively using it? Should it be archived or revoked?

Archived rooms should keep the audit trail but prevent new access. Deleted rooms should remove everything but preserve the audit metadata for your records. Most good VDRs make this distinction easy.

2. Revoke stale access links

Access links have an expiry date — in theory. In practice, many get extended, re-sent, or just forgotten. Pull a list of all active access links. Any link that hasn't been used in 60+ days should be revoked. Any link where the intended recipient has finished their work should be revoked. You want a clean slate going into the new year.

3. Review team member access

Has anyone left the firm this year? Changed roles? Been promoted? Demoted? Take five minutes and walk through your admin users list. For each person: is their current access appropriate? Are they in the right permission group? Do they have any lingering accounts from prior roles?

This is the single most common cause of "how did THAT happen" incidents — former staff or role-changed staff with leftover access they shouldn't have.

4. Check your backup and retention posture

The ATO requires you to keep tax records for five years. Other regulators have their own rules. Do a quick sanity check that your retention is actually happening: backups running, audit logs preserved, archived rooms still accessible. If you can't find a file from 18 months ago in under a minute, there's a problem.

5. Spot-check the audit trail

Pick one sensitive document you shared this year. Pull its full audit trail — who viewed it, when, from where, for how long. If the trail is complete and makes sense, you're in good shape. If there are gaps, unexpected viewers, or missing data, you've got something to investigate before the year closes.

Why this matters at year-end

This isn't just hygiene — it's also evidence. If something goes wrong in January, you want to be able to say "we did our year-end review on X date and everything was accounted for." That's a strong defence to a professional negligence claim, and it only takes an hour.