by Rob Lekowski
The average business user sends and receives 121 emails per day, according to a recent report by the Radicati Group. That’s more than 40,000 emails per year. If you have 100 employees, that’s over 4 million emails company-wide. That doesn’t even include all the attachments or all the other files each person has on his myriad devices (computer, jump drives, smartphone, etc.). The cost to store and secure all of that data is exponential. So, how do you determine what to delete and what to keep? What if you keep data you didn’t need, and then have to unnecessarily pay for its data collection and filtering? What if you delete data that is later needed for review in litigation? Without a defensible data deletion process in place, your company could receive sanctions for improperly disposing of information.
A defensible deletion policy helps organizations avoid court punishment while eliminating electronically stored information (ESI) that has little or no business value. In fact, 96 percent of respondents to an industry survey agreed a defensible deletion strategy is “absolutely necessary” to reduce the costs and risks associated with information retention, according to an article by the American Bar Association.
Here is an overview of four critical steps for creating and implementing an effective defensible deletion solution:
- Establish a process. Litigation is an everyday risk in business. Establishing a formal policy for your company’s deletion process is crucial to avoid potential penalties. In addition to data deletion, organizations should establish an information governance policy that clearly outlines what data to keep and for what length of time. It should also include a way to ensure the data that is under a litigation hold is preserved. Once the policies are outlined, they should be consistently and correctly implemented.
Playing catch up is never easy, so we encourage our clients to create a defensible deletion process that will last for the long run. Anticipate inevitable changes in your industry and incorporate them into your process.
- Map your data. Employees’ data can exist in a number of locations, such as laptops, servers, mobile devices, cameras, flash drives and more. If you don’t know all of the data you have – or where it is located – it is nearly impossible to govern or delete it.
Data mapping gives you detailed information about each piece of data within your organization – who created what, what device(s) data is stored on, who has access to it, when it was modified, etc. Without this information, you run the risk of accidentally deleting data or not deleting it at the appropriate time.
- Take legal holds into account. Your company could face serious sanctions if items that should be under a legal hold are discarded, so it’s important for your deletion process to manage these exceptions. Any applicable data should be quickly identified and held as long as the hold is in effect.
You can delete the data once the litigation hold has concluded, but make sure that is covered in your policy so that, should a litigation issue arise again, your company can defend its deletion.
To make the process as easy and streamlined as possible, we can provide clients with a customized platform that tracks legal holds and reports when you can delete data from the legal hold environment.
- Delete the data. Once you’ve established the deletion process and mapped out what data to delete, pull the trigger. The benefits are substantial. For example, maintaining ESI that has no value is expensive to store and secure – and, should legal proceedings ever take place, the ESI will be discoverable, which can add subsequent costs through the eDiscovery process, including collection, filtering and review. Having an effective and consistent defensible deletion policy in place can save you money and significantly reduce your risk of facing severe penalties.
Want more insight into how to create and enforce a defensible deletion policy, or to read about a company that has effectively established one? Download our white paper.