How Long Should I Keep This Data?

June 16, 2015
Robert Cruz

We are increasingly being asked this question from organizations – companies looking for best practice to preserve information that has value, along with enforceable practices to get rid of that which does not. For those in regulated industries, the minimum retention period is relatively straight forward (e.g. at least 3 years for broker-dealer communications, 6 years under HIPAA Section 164, 3 years for many state revenue departments, etc.) – but what is also clear is that the ‘big red button’ remains elusive, with some estimates indicating that over 70% of organizations continue to keep everything forever (1).

Some of the common reasons we hear that companies continue to follow this practice include:

  •  Legal team concern of spoliation risk given litigation patterns;
  •  Lack of systems to automate policy enforcement;
  •  Reliance upon end users to make policy decisions;
  •  Lack of forums or processes for cross-functional stakeholders to agree on policies

However, according to Gartner’s “Best Practices for Data Retention and Policy Creation Will Lower Costs and Reduce Risks” (2) , the top concern in managing aged data is more fundamental: 50% of organizations simply do not have an understanding of what the aged data is and what can be discarded. This would indicate that ‘keep everything’ practice is not just an issue centering on process or technology, it is a problem of visibility – visibility into what value and risk may exist in information repositories, as well as visibility at executive levels of the implications of this issue.

But, the increased frequency of this question may be an early indicator that the tide is beginning to shift in 2015. Several key market forces are contributing:

  •  The Year of Data Breach: the existence of additional information can equate directly to greater risk surface area and potential for economic loss. Start with Sony.
  •  According to the Norton Rose Fulbright Litigation Trend report (3), 43% of surveyed corporations had at least 1 regulatory proceeding opened against it in 2014 – activities that became uch more complex, time consuming and expensive given unstoppable data growth;
  •  In the same Norton report, 2014 saw the number of survey respondents spending more than $5M annually on eDiscovery increase to 35% versus 27% in 2012 – a spend level that is not too difficult to attain when downstream legal review resources are wasting effort reviewing documents (at a rate of $20K per GB) that could have otherwise been filtered and eliminated upstream.

Predictive analytics and auto classification technologies have great promise in finding new ways to improve insight into aged data, but don’t address the fundamental problem of determining how to get rid of stuff.

So, what steps can organizations take to begin to gain the upper hand over the ‘keep everything forever’ mentality? Join us for our webinar this Wednesday for a discussion with Information Governance industry expert Dhiren Patel in a review of industry best practices.