Implement a defensible deletion strategy to manage risk and control costs

A robust information governance program will view deletion from a high-level, strategic perspective

Keeping corporate data “just in case” or because it is hard to dispose of is not a sustainable practice. Even in light of big data strategies, if an organization has not been able to make large volumes of content actionable and achieve measurable success, big data may simply end up as a big headache. Organizations need to understand what content exists, develop a reasonable, good-faith plan to manage it and then take action. One of those actions should be regular and defensible disposition of content that no longer presents value to the organization.

Although it may sound easy, the corporate, legal, regulatory and technological landscape of today’s business environment is extremely interconnected and complex, making judgments regarding content disposal a daunting task. Traditionally, organizations have made such decisions within a variety of management silos including IT, legal and records management, each with its own perspective on the value of content and its own business agendas. Taking such a splintered approach to the management of enterprise content can put an organization at risk for a variety of undesirable results such as over-retention of content, premature disposition of content and difficulty defending disposition activities to regulators and courts.

By committing to viewing information management from a higher, more strategic perspective, organizations can move from the mere management of information to true governance of information in which overall corporate goals, risks, obligations and budget are properly balanced. From there, they can make decisions as to which specific management tactics to take so that an organization successfully achieves its goals. That way, organizations effectively mitigate risk in accordance with their particular risk tolerance, including how best to dispose of content.

Even with sound policies and procedures in place, simply finding specific content is an enormous undertaking. In most organizations, information is continually created, received, replicated, re-stored and hidden throughout an enterprise. Once you have found the content, understanding it and then applying and enforcing appropriate management principles becomes a huge time-consuming task. 

In order to develop a defensible deletion program, organizations must define a methodology. The program must be manageable and achievable. The best place to start is by defining a plan that targets the highest risk data first. Ongoing litigation must be considered in any defensible deletion plan, so understanding the organization’s legal and e-discovery requirements and accounting for those in the plan is critical.

The next step is to get a solid understanding of the content the organization is retaining so that valuation can occur. By developing and using a data map, an organization will be able to obtain a strong understanding of what information it has, what information it regularly generates and where that information is stored. Additionally, data maps will offer insight into appropriate risk assessment. Using the insight from the data map, the organization can then develop an overall information governance strategy that defines what a reasonable deletion methodology should look like.

The concept of reasonableness is a key theory for organizations to apply when developing information governance strategies, policies and procedures. Courts do not ask, expect or necessarily reward organizations for perfection. Courts do expect, however, that whatever information management tactics an organization undertakes are appropriate to how that particular entity is situated (size, financial resources, regulatory and litigation profile, etc.).

Further, courts expect that as an organization develops and executes its information management programs that it does so in good faith, without malice or intent to defraud. Defensible deletion has many benefits that increase shareholder value by controlling costs and managing risk. Knowing that hidden data liabilities lurk in corporate networks, desktops, servers and offsite storage vaults keeps many executives up at night, or at least it should. Keeping all data is obviously no longer a strategy; the liability is too costly and risky. By establishing and maintaining a robust information governance program, including a defensible deletion strategy that reduces the size of the organization’s overall information universe, the expense and time associated with finding and collecting responsive data when litigation occurs will be dramatically reduced.

Contributing Author

author image

Julie Colgan

Julie J. Colgan, CRM, is Director of Information Governance for Merrill Corporation’s Client Advisory Services group. Merrill Corporation is a leading provider of outsourced solutions...

Bio and more articles

Join the Conversation

Advertisement. Closing in 15 seconds.