Tech, Organizational FactorsBy Anne Kershaw | Posted 2012-04-16 Email Print
Modernizing Authentication — What It Takes to Transform Secure Access
Eighty percent of ostensibly “active” files and folders have not been accessed for three to five years, resulting in unnecessary IT expenditures. Yet, most of the costs associated with unnecessary data hoarding are hidden.
Tech, Organizational Factors
The massive accumulation of unnecessary data is a phenomenon that stems from several technical and organizational factors. From a technology standpoint, the growth of high-bandwidth Internet connections and the decrease in the price of drive storage have made it very easy to move and store large numbers of documents and files. Few managers were concerned about what was being stored when it seemed on the surface to be so cheap to just keep everything.
From an organizational standpoint, typically no one is actively involved in limiting the amount of data that is being stored. Records management is concerned with the retention of scheduled records: important business documents or other documents that have been identified as being official records of the company. IT provides and maintains the organization’s network infrastructure, but not the data within it.
Business unit managers don’t see a budget line item for all the costs associated with unused or unneeded data, so they don’t make it a management priority—at least, not until hundreds of gigabytes get swept up in a legal matter or government investigation, and the bill for legal review hits their desks or email inboxes. This is often the corporate coronary event that motivates companies to clean up their records.
So what should a company do if it decides it would like to reduce the risks and costs associated with data hoarding or over-retention?
The first thing is to understand that to the extent data preservation is driven by a concern about legal obligations, the touchstone for avoiding legal difficulties is to make good-faith, reasonable efforts to meet recordkeeping obligations and, ideally, to document those efforts. Perfection is not required.
Furthermore, the company normally is obligated to keep only “a” copy of relevant information, not “all” copies. For example, if data is on the active server, there’s little or no need to keep all backups. Recognizing this simple fact can sometimes enable corporations to dispose of tens of thousands of unneeded backup tapes at an enormous savings.
The second thing is to appreciate that having an experienced and properly insured outside consultant or expert who is willing to go on record as authorizing the final disposition of records can facilitate the process. No one inside the organization is comfortable saying “throw it out,” and many employees are fully engaged in their normal duties and cannot devote the time that an electronic data housecleaning project requires. They also may not be familiar with the legal standards governing disposition of information and would feel more comfortable having someone else assume the responsibility for directing the disposal of unneeded data and for being the one whose deposition may ultimately be taken, should anyone question the disposition decision.
When a housecleaning program is launched, the records retention and legal hold programs are reviewed to confirm that they include electronic information and are operating in a reasonable and defensible fashion. The basic inquiry here is whether it appears that the proper documents and information are being placed on hold when litigation arises, and that the holds are effective or followed.
As part of the process, a company can also identify those legal holds that have proved particularly burdensome to comply with, with an eye toward potentially narrowing the scope of the hold, renegotiating the hold with the adverse parties or seeking relief from the court. In fact, courts are becoming especially sensitive to the dollar and other costs associated with overly broad preservation efforts.