Overcoming Barriers to Data Disposal
Second in a series by H5’s James Wolf about defensible deletion. In this post, James discusses a few obstacles that can stand in the way of disposing of unnecessary data and how to move the effort forward.
Much Talk, Little Action
With all the talk about the need for and benefits of “defensible deletion,” it’s a wonder that everyone is NOT doing it! It’s only common sense that getting rid of electronically stored information that your business no longer needs or is not obligated to keep is a good idea. Who could be opposed to reducing cost and risk? But even though the volume of data is ballooning out of control, when the effort it takes to dispose of the unnecessary stuff is weighed against other corporate priorities and initiatives, data disposal seems to end up squarely on the back burner. Why is that?
It’s Not Really IT’s Problem
There are myriad reasons. For one thing, the data volume problem (if it is perceived as a problem at all) is pretty much invisible outside of IT. But, although they’re the group responsible for ensuring that the company has the infrastructure to handle whatever data exists, disposing of unnecessary information is not really their responsibility. How can they know what’s unnecessary? They may be thinking about data security, storage conservation and maintenance fees, but it’s not for them to consider factors that can seriously impact the business, like the killer risk of eDiscovery costs should litigation enter the picture. That’s because “content” is not in their purview. IT may own responsibility for the data, but ultimately it has no responsibility, authority, budget, or knowledge of content.
Managing data volume requires an effort that must be championed at a high level, outside of IT, which leads to the next challenge: getting the proper buy-in. This effort has to be sold as (and actually is) a company issue, not a departmental one; it’s unlikely that anyone will step up and claim it in their department’s budget when the competition for dollars comprises so many other, probably more sexy, business initiatives. The higher up the data disposal issue goes, the more likely it will be addressed as a corporate initiative in its own right.
Even though everyone might agree that data disposal is a good idea, in order to actually get a disposal initiative moving, the following three things must exist: 1) executive buy-in; 2) a cross functional team that includes all of the stakeholders including IT, Legal, RIM, and lines-of-business, and 3) the expertise to develop the plan and execute it.
Recognize and Sell the ROI
So, how do you get everyone involved? For one thing, you need to make a convincing argument that it is worthwhile, and to do that you need to drill into the ROI. There are obvious cost-savings related to the IT infrastructure and resources required to maintain it, but that’s not really the big-ticket item. Data disposal is like an insurance policy. It’s about risk. You may not ever suffer from the effects of not doing it, but then again, you may find your world devastated if you don’t.
A few years ago, a major chemical company conducted a study after a series of document-intensive litigations and discovered that over 60% of the data collected, processed, reviewed and even produced should not have been in the company’s possession as per their own retention policies at the time the legal hold was issued. This translated into multi-millions of dollars of wasted spend during litigation. If the company had been more proactive in enforcing its own RIM policies, training employees on best practices around their own data retention habits and disposing of unnecessary data as a matter of course, they would have been able to use the millions they spent unnecessarily on more productive business pursuits.
If you consider how often your company conducts or is subject to an investigation, how often documents are collected, preserved and produced in litigation and the overall cost of storage and management of the information you have, that is a good start on determining the ROI you can get from a good disposal effort. Even if you company has not been subject to such events, if it is a growing business it’s likely to come up against them in the future. Learn from the experience of others: this can be a time bomb waiting to go off.
Another ROI argument might be to consider the risk of doing nothing, or waiting until later to do something. What are the high profile/high cost risks that your company faces? Consider eDiscovery costs, as mentioned above. Consider data privacy risks—if the data isn’t there, it can’t be stolen or hacked and you are less at-risk for a breach of confidentiality or privacy. Consider the IT costs and complexity associated with the ever growing data population in your company; it’s not just server costs, but all of the infrastructure, resource, maintenance and support costs that go along with it.
Focus on One Data Store at a Time
In most companies, data is everywhere, and the number of places it can be is ever-growing. It is unstoppable, so the problem is only going to get bigger. Rather than trying to sell an enterprise-wide solution that boils the ocean, start with easier sells: take data sources piecemeal, evaluate them individually and find a way to defensibly eradicate the excess to build a success story. Success breeds success, so you may find the next effort easier for the company to swallow. And remember that appropriate expertise to help you design and execute the solution may not reside in-house, so be prepared to seek external assistance.
Finally, remember the primary goal when selling this effort: find and retain what your company must keep so that you can defensibly dispose of the rest.
James Wolf leads H5’s Information Governance practice. In that capacity, James manages new business development with leading corporations, law firms, and strategic partners pertaining to records retention, legal-hold management, preservation for litigation, and defensible data disposition. James has over 20 years of technology and legal industry experience, spanning software engineering, product development, IT, marketing and business development.
To hear James’ perspective on defensible deletion, view the H5-Jordan Lawrence webcast:
Getting to Defensible Deletion – A Roadmap for Legal and IT