BETA
This is a BETA experience. You may opt-out by clicking here

More From Forbes

Edit Story

Data Deluge: The Problem Is, You Can't Keep Everything

This article is more than 10 years old.

Guest post written by Dan Roffman

Dan Roffman is managing director in FTI Consulting's technology segment.

According to a 2011 report from the McKinsey Global Institute, many large U.S. companies now have more data stored than the U.S. Library of Congress. Faced with ever-expanding quantities of data, corporate execs and IT pros are becoming increasingly concerned with data management.

The vast amount of email, documents and other data raises the cost of operations. It increases the risk that sensitive information, such as proprietary data or customers’ personally identifiable information, may fall into the wrong hands. The data deluge also presents litigation risks and can lead to steep electronic discovery costs.

The good news is that even as data costs and risks mount, a consensus has begun to emerge as to the best practices for defensible data destruction and retention. We offer five tips to develop and implement better policies and practices.

  • Tip #1: Map Your Data

Sometimes companies are driven to tackle their approach to data destruction and retention by an event, such as an acquisition, investigation, layoffs, or a company wind-down. Other times, e-discovery costs lead a company to seek a better approach. More companies, however, are taking a proactive approach - before these events take over.

Creating an effective data destruction/retention program starts with data mapping.

A data map documents the data a company has and creates, details how the information is used in the normal course of operation, tracks the “gurus” who know about these data sets, and establishes how long data is retained. Data maps should be comprehensive, covering active and archived email, documents, and “structured data” contained in financial, HR and marketing systems. A company also can start by creating a limited data map that traces specific sources of data, such as email.

Data is a key asset; and mapping it enables access to important sources of information. A data map is crucial to identifying duplicative data that can be consolidated, and relevant data that needs to be kept for regulatory and operational reasons. The map becomes a powerful tool in litigation; if a company understands the sources of data involved in a case, counsel can open negotiations knowing the potential costs.

  • Tip #2: Control Your Costs

Companies can control the costs of their data destruction/retention programs by tailoring their approach to the problems at hand.

Often, companies try to do too much: they have been convinced that fixing their problems requires throwing money at a technology solution. But a company can effect change without a large outlay by, for example, revising its data retention policy and stepping up training efforts.

Further, companies don’t need to tackle all of their data retention issues at once. A company can reduce duplicative data by focusing on the systems that have the greatest redundancies, such as email, significantly reducing the cost of e-discovery down the road.

  • Tip #3: Update Your Policy

Companies should have a data retention/destruction policy, and should regularly update their policy. It should be tailored to address industry and local regulatory requirements, and should be enforceable, yet flexible. For example, the policy may call for a general auto delete of data at fixed time periods, but there should be a system to override the auto delete function once the company has a reasonable expectation of litigation.

You also need a game plan that addresses how the company will respond to potential litigation. The policy should specify the people who will be responsible for managing data retention across the company, including corporate counsel, and human resources and IT professionals.

The policy should be easy to understand and transparent to a wide range of employees who may be affected by data retention activities. Creating transparency helps put employees at ease when data retention efforts are triggered. And if the company is in crisis, having a plan in place enables the company to respond more effectively.

  • Tip #4: Audit Your Policy, Train Your Employees

A policy left on the shelf isn’t much use to anyone. Companies need to audit their policies to ensure internal compliance is consistent—that no one is being given a pass to retain data longer than the policy allows without an approved purpose (such as pending litigation).

Companies also should provide regular training to ensure employees understand the policy and their role in carrying it out, including the types of incidents that may trigger the need to retain data. Refresher training can be accomplished through online tools.

  • Tip #5: Review Your Technology Options

There is a wide array of technological solutions to manage data destruction. Some solutions are tailored to alleviate “pain points” within the company where data redundancies are most troublesome. There are ad-hoc solutions and built-in solutions - particularly with newer technology. Corporate and IT staff should think about data destruction/retention whenever considering IT purchases and upgrades.

The implications of failing to act on data destruction and retention issues can be costly. Unnecessarily retained data creates legal and business risks, and increases operational costs. Companies can significantly mitigate these risks and costs by taking a few proactive steps to improve their approach.