4 Dangerous Myths about Data Disposal, Debunked

CIO — According to IDC, in 2008 the total amount of information created exceeded the total amount of usable space on every hard drive, tape, CD, DVD and solid state memory device ever created. At the same time, there's been an explosion of legal obligations for data, largely driven by expanded e-discovery requirements and the revisions to the Federal Rules of Civil Procedure.

Confusion about these legal obligations and a lack of communication between legal and IT have led companies down a path of "save everything." Indeed, even with data volumes increasing exponentially, 70 percent of companies still don't have a practice for disposing of information at the end of its life. As a result, data management and litigation costs are now totaling hundreds of millions and cost control is of critical importance.

There is a tremendous opportunity for companies to defensibly dispose of data and dramatically lower their data storage costs. In this article, we'll expose some of the myths that inhibit data disposal and challenge the organization to rethink how they deal with this issue.

Myth 1: We need to keep everything.

Often times, IT is under the impression that they need to keep everything because "legal needs it." In fact, there is no legal obligation to keep every piece of information. Companies do have specific obligations to keep data that is relevant to their lawsuits and to keep specific records for various government agencies (data subject to lawsuits falls under legal hold, and records required by regulators are prescribed on retention schedules). But because many companies manage these processes through spreadsheets and emails, they lack the ability to effectively communicate to IT what data should be preserved. Companies that implement rigorous, integrated processes for legal holds and retention which link legal, IT, and the business can manage data more efficiently and break the cycle of over-retaining data.

Myth 2: Storage is cheap.

The real cost of storing information is far greater than the cost of a gigabyte. Keeping everything not only increases data management costs, it also increases ediscovery costs, as legal has to sift through a greater volume of data for each matter. The total cost of a single employee's data in a single lawsuit can be as high as $200,000. The real cost of storing information to the corporation is far greater than the cost of a gigabyte; it includes the cost of managing many generations and types of data, the cost of complexity in IT, and the cost of discovery which all reduce the company's bottom line.

Myth 3: There's no way to tell what data is garbage.

There are only two reasons to retain and manage data: it has business value or there is a legal requirement. Understanding information's business value and tracking legal obligations can be systematically managed with relevant workflow across business coordinators, attorneys and IT staff - just as CRM systems track customer status across marketing, sales and customer service teams. The essential ingredients are a modern retention program across business groups, a data source catalog or inventory with governance workflow in IT, and legal holds management in legal. By linking retention schedules and legal holds to the data in the organization, IT can build the foundation for good information governance.

Myth 4: It's too hard and it can't be done perfectly.

Transforming legal holds and retention management processes can seem daunting, as it will likely require new applications in legal, retention management, and IT, as well as new communications procedures across the organization. But with data management costs hitting nine digits in most large companies, it's simply too costly not to begin reforming these processes now.

The good news is that you will find quite a few immediate savings opportunities, such as disposing of terminated employee data, disposing of legacy back-up tapes, retiring transaction system instances and their data, sweeping files off file shares that are beyond retention periods and not subject to hold, routine email disposition, routine tape recycling, eliminating redundant systems and stores and reclaiming storage capacity. You will also find that classification and automation are far more feasible with this structure in place.

So where to start? First, IT and legal departments need to work together to develop a systematized approach to legal holds and ensure that there is a common view of those holds across the organization. CIOs should insist that the legal department provide persistent, reliable information on all active legal holds for assets and employees and that the business provide a value inventory and retention schedules for all information, not just records. Once IT has visibility into the current holds and obligations of data, they can begin to build effective retention programs, and ultimately, defensibly dispose of data.

Tom Lahiff is a director with PricewaterhouseCoopers Advisory practice and previously served for 17 years in the corporate litigation group of Citigroup Inc., most recently as Assistant General Counsel, where he was responsible for a broad range of litigation matters and worked on developing and implementing a document retention schedule and legal hold processes.

Deidre Paknad is President and CEO of PSS Systems, a leading provider of legal information governance solutions, and founder of the Compliance Governance and Oversight Counsel (CGOC), a professional community on retention and preservation. Deidre is widely credited with having conceived of and launched the first commercial applications for legal holds, collections and retention management.

Follow everything from CIO.com on Twitter @CIOonline.