Wednesday, 22 July 2015

Stop Data Hoarding
Storage has become so cheap so fast that we think nothing of storing five slightly different, slightly blurry copies of the same photo on our phones, in hopes that one turns out well. We store old files and folders on our computers, thinking we might use them in the future, but in reality, up to 80% of our documents are not accessed for three to five years from the time they were saved. Companies store many years worth of customer and employee data and internal communications, much of it sensitive and dangerous in the event of a data breach, system hack, or litigation.
These behaviors are ingrained in our technologically overwhelmed brains, but how do we stop the hoarding habit? The dangers are worse than we think:
  1. Storage is cheap, but it still costs money. Hoarding data increases company expenditures on infrastructure, including storage of old tapes, transitions from old servers and systems to newer ones, data migration, and possible disaster-recovery efforts.
  2. Declining employee productivity. More data typically means less organization and more unwanted records, so it is harder to find what is needed, especially in an emergency. When searching records gets difficult, employees may give up or miss relevant content because there is just too much unnecessary information clouding the search.
  3. Organizational breakdown. Who from your business is responsible for storing only relevant data for a relevant time period? Typically, it is not IT, records management, or a member of the C-suite. The quantity of retained information is doubling each year, but budgets are contracting, overseen by the officers of the business. If there aren’t enough internal policies or employees to address the limiting of data, it can lead to internal miscommunication, decreasing organization of records, a lack of focus on thinning unnecessary records, and continued bulking-up of data.
  4. Expenses involved in litigation. A company has the obligation to preserve and produce whatever relevant data a company has when a legal matter arises, including records, emails, and internal company documents. But in order to determine what is potentially relevant for discovery, attorneys must review any related records in what is often a long, expensive process, made longer and more expensive by more data.
  5. Hackers and lost data. Cyber-attacks are becoming an everyday reality for businesses of all kinds, and data-breach litigation has reached an all-time high. The more customer data your business keeps indefinitely, the more risk it takes on in the event of a hack or breach, and the more it will cost you long term, due to state requirements forcing disclosure of the breach to affected customers.

Data-Retention Policy Recommendation

Limiting data saved by your business facilitates lower storage and transition costs, promotes organization of the data itself, makes it easier to create and comply with data-deletion policies, limits litigation costs, and curtails damage from breaches or thefts.
A data-retention policy that addresses which records to keep, which to dispose of, and how long to keep both types of data enables good business practices that are easy for all employees to follow. Your attorney should be familiar with your business, regulatory retention policies in your business’s sector, and the interaction of the policy with privacy, Internet, and other company policies before drafting effective internal records-retention rules. Depending on the nature of your business, a good data-retention policy may include:
  • A requirement of employees to make good-faith, reasonable efforts to meet recordkeeping obligations and to document those efforts.
  • An obligation to keep a copy of all relevant information, but not all copies of all relevant information. Backup copies are often not necessary.
  • A requirement to discard sensitive customer information, like Social Security numbers or credit card information, once a transaction has concluded.
  • A procedure for saving or discarding internal company emails and memoranda and a categorization of which documents to save and which to discard.
  • An option to provide for an external expert familiar with information disposal standards to inventory, organize, and eliminate some current records and data.
  • A structure that facilitates quick searching for relevant records.
  • A check of electronic security rules and procedures that protect retained records.
An added benefit of a complete records-retention policy is the distribution of ownership of records to all employees, with oversight by one department or executive. The workload to maintain an effective records management system is manageable when saved records are limited only to those necessary to keep.