Experts urge companies to revisit their data retention policies to ensure that they are culling information archives effectively.
In the era of big data, knowing what information to get rid of—a practice called proactive disposition—is just as important as knowing what to keep. But the tendency in many workplaces is to keep everything. In an October 2012 study on data retention by Cohasset Associates, Inc., a management consulting firm, more than 90 percent of respondents said areas of their companies had a “fear” of deleting information, and as a result, they tended to “over retain” or “hoard” data.
Deletion anxiety is not unfounded. In 2006, under amended Federal Rules of Civil Procedure, electronically stored information (ESI), such as e-mail, was deemed discoverable in civil litigation, which means opposing parties must disclose all the relevant electronic information the other team requests in e-discovery. If they are found to have deleted relevant information, it may hurt their case or result in fines or, in some circumstances, criminal charges. That factor has made companies reluctant to throw out files.
“We’re afraid to let go. We’re afraid to delete,” says Carol Stainbrook, executive director of the consulting practice at Cohasset Associates, who helps companies develop information management policies.
The rapid advancement of cloud technology and its ability to store copious amounts of data has only fueled the fire of hyper-preservation. “I think a lot of the enterprises get in the mind-set that, ‘well, okay, storage is so much cheaper now, and we’ve got all the storage we can use, why not save things?’ The reason is because it creates problems down the line,” says David Horrigan, an analyst for the 451 Group, and an expert in e-discovery and information governance.
The data duplication and re-creation of document files that’s involved in everyday computing tasks only compounds the problem. “It’s not just keeping too much data, it’s creating too much data,” Horrigan says. “People don’t realize how much data they’re creating every time they add new people to an e-mail thread. That data has multiple copies…. And then on top of that, [they’re] saving data they may not need to be saving.”
Companies can implement both technological and human solutions to sift through the noise of all that information so that, should they be subject to litigation, the e-discovery process will be more manageable and efficient. Horrigan encourages a practical, hands-on approach to information management. “The idea is to move it from reactive e-discovery, to proactive information governance where you’re constantly governing and managing this data which you have,” he says, adding “and when the regulators come calling or you get the subpoena in the mail, it’s not a last-minute fire drill.”
Horrigan emphasizes that having a responsible records-management policy that includes routine disposition will make e-discovery much easier. “A general rule is, for almost any sort of information: if you can get rid of it, do get rid of it,” he says. “When I say, ‘if you can get rid of it,’ that means from both a business standpoint and a legal standpoint.”
When working with clients, Stainbrook takes a comprehensive and categorized approach to the data. “You should have broad categories of information, not individual document titles. It’s really challenging to apply a minute set of rules to a big set of information, to have to be able to classify down to the exact document type,” she says. “It’s our goal to have approximately 100 categories, maybe fewer, that cover everything that the organization keeps, from their corporate secretary records to their HR records to whatever their primary business is.”
While technology is crucial to a successful records management program, Horrigan emphasizes that people are ultimately the key. “We’re not at a stage yet where you can just click a button and have everything done. The tools can do pretty remarkable things that they couldn’t do just a few years ago, but the human interaction in this process is key,” he says.
Security Management spoke with one executive at a midsize retail company about the challenges of implementing this type of proactive disposition policy. This executive oversees the records management program at her business, and she was willing to discuss her experience in transitioning to a new policy as long as she and the company were not named.
She says that deleting information was tough for employees, because the corporate culture had been one of keeping everything forever. “It’s been a cultural shock for us,” says the executive.
The company began the transition to the new policy in 2007. It has systematically been going through all the issues, including looking at the different buckets of physical paperwork, reviewing the electronic [unstructured and structured] databases, establishing who has ownership over those records, and determining what the retention policy is for each type.
While attempting the cleanup process, she says, the IT and legal departments showed the most resistance to proactive disposition. “I’ve found traditionally that IT is the most challenging [unit] to implement a program like this. They…tend to be packrats and really want to keep it.” As for legal, they “tend to really want to issue very broad ‘hold’ statements as litigation comes up, so it’s very easy for them to say…make a copy of everything and don’t destroy anything,” she says.
But this executive has found that reasoning with these departments from a business standpoint has generated an overall positive response. “You equate it to ‘[the hold] is going to cost you X amount of dollars.’ When you start putting it into business terms about what that hold actually means…they will be a little more refined in their requests for what needs to be put on hold, which is a win for everybody,” she says.
She concludes that having everyone at the company on board, from the top level down, has been the key to her company’s records management program. “I don’t think this program would have any success at all without that support from our CEO and president of the company,” she says. “You just have to start picking off project by project, element by element and raising awareness, and before you realize it, you gain momentum and support for it.”
This company is on the right track in the eyes of people like Stainbrook. “We’re really hoping that the tide turns,” she says, “and attorneys will start seeing that the risk is in over-retaining information, over-preserving, and that there will be more and more light shed on the need to dispose of what’s eligible.”