In general, the CIO’s ethic is to preserve data at all cost. In the post-Enron era, that ethos is running smack into a more powerful corporate urge to get rid of any compromising data.
“I think, because of Enron, you’ll see executives more focused on making sure there’s nothing that will make us look bad,” says Avram Kornberg, CTO of Oppenheimer Funds in New York City.
So what’s a good CIO to do?
For starters, you should initiate the development of a clear-cut corporate policy that spells out when data should be preserved and when it is appropriate to delete it, if only to save storage space for future data. And once that policy is in place, the CIO’s responsibility is to raise objections if someone in your company asks you to delete data in a way that does not conform to company policy?or to legal policy.
“What happens is a CIO might get an order to delete something and he’ll nod and say that’s fine, thinking nothing of the request, but then the obscure machinery of fate exposes this and people think you’ve done something unethical,” says Colin Potts, a privacy and technology expert who specializes in ethical issues as associate professor of computing at Georgia Tech. “It is not enough to have good intentions in IT, to think as long as you’re not stealing or lying you’re ethical. You have to look at it like engineering; you have to think about the technical consequences of what you’re doing.”
This means CIOs should save data, not delete it, unless there’s an extremely sound reason to delete it. Even then, don’t assume that data’s deleted in the true sense of the word. Technology forensics experts can recover quite a bit of deleted data.
“The CIO will always be somewhat on the line for this,” argues Thomas Bodenberg, a senior research associate at The Conference Board in New York City. “He has the tools.”