We all are, at one point or another, hoarders. Unlike the ones you see on TV, however, what we hoard isn’t directly in front of us, reminding us we’re overdue for some Spring-cleaning, but it’s equally capable of getting us in trouble with the law.
What we hoard is data—usually redundant, obsolete, or trivial. And while your logic might be sound in living by “just in case”, the longer you hold onto this data, the more susceptible you are to litigation and liability claims, as well as rising storage costs.
The Solution: Defensible Deletion
Defensible deletion is the system of deleting records that are no longer needed for compliance or business. It's essential not only to document management but, more importantly, document control, which deals more with regulating information retention and workflow. 96% of industry professionals believe that a defensible deletion strategy is “absolutely necessary” to effective records management.
But having confidence in what you’re deleting is half the battle. Defensible deletion is not simply a matter of having the guts to press the “delete” button. Rather, there are information governance guidelines to follow when dealing with corporate data. That being said, here’s how to set up an effective policy:
1. Ensure Cooperation Between Departments
As we’ve said before, management buy-in is key, as managers are held directly responsible in audits. You’ll also have to do some coordinating between both your IT and legal departments. Make sure their policies with retention are aligned. What files need to be kept and for how long might be a matter of opinion but that should not be the case.
Consequently, you need to discuss the implementation of policies that address both the organization’s information requirements and legal retention requirements. This not only ensures that costs will be kept consistently at bay because unnecessary data won’t be permanently stored in the system, but it also provides you with control over the lifecycle of all potentially harmful information.
Lastly, make sure you coordinate with IT or department heads and legal on how to organize and preserve key files during a retention or litigation period, and designate who is responsible for them.
2. Have the Right Archiving Technology in Place
Your software is what enforces the policy you’ve worked to put into place—make sure it’s fully capable of what you want it to do. Archiving software involves indexing metadata to organize information that is pertinent to your organization’s business or legal proceedings.
Archiving solutions also set expiration dates on files according to the restrictions you’ve decided on with your team. This frees up storage space and removes data that can be used against you legally.
3. Assess Risk and Liability
To take account of and evaluate your corporate data, which could be spread among multiple platforms, is a tremendous undertaking. But a lack of awareness could result in a lawsuit. Our friends at Inside Council pretty effectively illustrate how at-risk your data is, depending on its location:
|
Volume of Storage |
Data Risk and Liability |
Desktops: |
Low |
Medium |
Network Servers: |
High |
Low |
Email Servers: |
Low |
High |
Legacy Backup Tapes: |
High |
High |
As we learned from the massive Sony hack, the first place anyone looks for sensitive information (or damning evidence) is in your email. Meanwhile, your legacy backup is anything and everything you’ve ever worked with at anytime. You’d honestly be crazy not to find this daunting.
However, a solid game plan that prioritizes defensible deletion implementation at high-risk locations and maps out exactly what to do at each risk-level is achievable with minimal stress if you’ve established congruence with your teams and between departments.
Clear policy and technology make for a document control solution that could save your company. That shouldn’t be too hard: you’re all united by the common cause of not getting sued, after all.