The business of IT is largely fluid, with change one of the few constants, but there are a number of ‘truths’ about the coin of the realm, information. Truisms like ‘not all information is created equal’, the venerable Garbage In, Garbage Out, and the five phases of information lifecycle: creation and receipt, distribution, use, maintenance, and disposition. However, while IT budgets are growing around 3-4% per year, information is growing in double and triple digits. Throw in duplications, backups, regulatory demands (GRC: Governance, Risk & Compliance) and even useless information, and IT has a huge and growing problem.
An emerging trend, if not yet a solution, is “Defensible (Data) Deletion”. Defensible deletion is a process for deleting information in a manner that an organization confidently feels it can defend if
challenged in litigation or regulatory action, said Barry Murphy, Co-Founder and Principal Analyst, eDJ Group. An e-discovery analyst and consulting firm, eDJ has just released the first report in their “Defensible Deletion” Series.
Interest in the topic started last summer when Big Data first came up, said Murphy. His company was talking to organizations that while the market was saying storage is cheap and you can store forever, they said we have to get rid of this stuff. “The cost of storage is going up, risk is going up, and most of this stuff is junk!”
One of the issues is that unstructured data – information that doesn’t fit well into traditional databases, i.e. engineering files, big GIFs and JPEGs – is way more prevalent than structured, and way more storage-intensive than structured, said Murphy. “It’s just not sustainable to keep everything forever.”
Key findings of the study included 96.1% believed that defensible deletion is a necessity in managing growing volumes of data. But while 87.9% of respondents have document retention policies, only 7.8% had technology supporting it across all systems, he said, with another 58% able to defensibly delete for some of their systems. “Our main finding was that organizations are only sporadically deleting information.” Email was the low-hanging fruit, with 60% getting rid of them in some kind of systematic fashion. It was only 33% for file systems, 20% across other collaboration systems, and just 10% across social media.
The top strategies for moving forward with defensible deletion are:
-be sure to have a formal, documented, and effective legal hold process in place on critical systems;
-prioritize information for deletion;
-strive for consistency;
-use multiple measures to initiate projects; and
-centralized ownership of defensible deletion projects can help.
Murphy sees a three-step process, starting with organizations implementing legal hold processes, a defensible deletion ability to hold deletions. Then organizations will start to look at auto-classification, try and use Big Data and analytics across unstructured technologies. He said this process is already popular in the legal industry. The third step is to try and apply more consistency across information sources.
“If you talk to IT professionals, most will say their data is just landfills of information they’d love to get rid of , it’s just taking up space.”
Murphy expects information governance (IG) projects will begin to take hold this year, especially in corporations. Most projects will be tactical in nature (e.g. shared drive cleanup and remediation) as companies first crawl and walk before learning to run. Think of 2013 as a bridge year between eDiscovery and IG. A small percentage of companies may even try to apply predictive coding methodologies to information classification, but do not expect that to become the norm.