Few things may get an information management enthusiast’s (do those even exist?) nerd juices flowing like a secure, well organized, and maintained unified archive. I can just imagine all of the emails, text messages, and social media posts flowing beautifully through all systems like a golden river of compliance… the sound of the judge’s gavel sounding victory in a court case that was won with solid eDiscovery drawn from a complete archive…. Extensive company audits that run smoothly like a hot knife through butter… Ok. Let’s get back on topic.
Like I said, data storage is good. It is foolish to risk the fines that come with non-compliance and data loss. Some people, however, take it too far. There is absolutely NO reason that your company needs to store an email from twelve years ago inquiring about sixteen pizzas for your company party (We don’t actually know anyone with an email like this stored, but if you do, please let us know. We’d love to start a new TV series “Data Hoarders”.)
What is Defensible Deletion?
Defensible deletion is the practice of methodically deleting electronically stored information (ESI) when it is no longer useful. We recommend starting by consolidating data from high risk mediums to low risk mediums, such as one secure unified archive (such as Retain!) It will be most effective to start with the high volume, high risk mediums, such as legacy backup tapes. These contains snapshots of information at any given time, and could pose a big security risk if they were to fall into the wrong hands. Mediums that archive using PST files also pose a data loss and security threat as well. A few years ago, Inside Counsel made a chart to assess the volume and risk of different storage mediums. I have added to this and included it below as a guide.
Setting up a Defensible Deletion Policy
There is a fine line between sound archiving practices and excessive data hoarding. Compliance laws and regulations vary in their requirements for how long data should be stored. Once you know what you are legally required to retain (Click the ‘Industries’ button in the menu here), you can go about implementing a Defensible Deletion policy.
Defensible deletion addresses two critical IT problems:
- Over time data storage builds up and begins to weigh on infrastructure. Email servers slow down, networks start to lag, etc. Email platforms such as Exchange, for example, lack single instance storage which compounds the problem
- Having too much data lying around on too many different storage mediums also poses a security threat, as it becomes very difficult to build security around all of them. Because storage technology is rapidly changing, information may be stored on a handful of mediums, such as legacy backup tapes, servers, archives, networks, desktops, offsite backups, cloud servers, etc. While this ensures that data will exist when it is needed, data archiving best practices say that sensitive data should be stored in as few locations as possible in order to maximize security.
Data hoarding creates a scenario where copies of an important email with financial information, for example, could be lurking on desktops, legacy backups, PST files, an email inbox archive, etc. Yes, this email is important to archive; but, its security is also critical. If data governance is not organized and efficient, this makes it impossible to simultaneously fulfill security goals and information management goals.
Manage Your Data with Retain
Retain Unified Archiving provides the perfect home for your data (and rest for your IT team!) It is exceptionally secure. It employs single instance storage, reducing the load on your email server, or, you can move your archive to the cloud to further reduce your technology infrastructure. With your email, text messages, and social media communication data stored in Retain, you can then remove the archived data from other locations (such as your Exchange server) and optimize server performance.
Once your data is consolidated in Retain, features such as policy-based archiving make it simple to maintain your Defensible Deletion policy. Information can be tagged and classified, and retention rules can be set. For example, if you know that your retention policy requires a seven year retention of data, you can safely set your archive to defensibly delete the archived data after seven years.
If you are methodically storing your company’s data right now, we applaud you. It is a wise investment! Our team would love to help you take this one step further by consolidating this storage and implementing a healthy Defensible Deletion policy. We would love to consult with you and see how Retain can keep you off of the next episode of Data Hoarders! (Seriously, could be an interesting series.)
Photo Credit: Farzad Nazifi licensed under CC by 1.0