diff --git a/src/routes/settings.js b/src/routes/settings.js
index f4b2c022d..85bce2826 100644
--- a/src/routes/settings.js
+++ b/src/routes/settings.js
@@ -106,7 +106,7 @@ function setBackupConfig(req, res, next) {
     if (typeof req.body.format !== 'string') return next(new HttpError(400, 'format must be a string'));
     if ('acceptSelfSignedCerts' in req.body && typeof req.body.acceptSelfSignedCerts !== 'boolean') return next(new HttpError(400, 'format must be a boolean'));
 
-    if (!req.body.retentionPolicy || typeof req.body.retentionPolicy !== 'object' || Object.keys(req.body.retentionPolicy) === 0) return next(new HttpError(400, 'retentionPolicy is required'));
+    if (!req.body.retentionPolicy || typeof req.body.retentionPolicy !== 'object') return next(new HttpError(400, 'retentionPolicy is required'));
 
     // testing the backup using put/del takes a bit of time at times
     req.clearTimeout();
diff --git a/src/settings.js b/src/settings.js
index d4f2751bd..6a9090320 100644
--- a/src/settings.js
+++ b/src/settings.js
@@ -386,12 +386,7 @@ function getBackupConfig(callback) {
         if (error && error.reason === BoxError.NOT_FOUND) return callback(null, gDefaults[exports.BACKUP_CONFIG_KEY]);
         if (error) return callback(error);
 
-        var tmp = JSON.parse(value);
-
-        // ensure we have a proper retention policy, the rest api checks for validity on settings at the moment
-        if (!tmp.retentionPolicy || Object.keys(tmp.retentionPolicy).length === 0) tmp.retentionPolicy = gDefaults[exports.BACKUP_CONFIG_KEY].retentionPolicy;
-
-        callback(null, tmp); // provider, token, password, region, prefix, bucket
+        callback(null, JSON.parse(value)); // provider, token, password, region, prefix, bucket
     });
 }