“Back in Time”: Looks Good on Paper
In an earlier, simpler time, records managers ruled the world of archival storage and disposition – paper was their currency, onsite storage in the corporation was limited and came with indirect costs.
Offsite storage facilities such as Iron Mountain came with direct costs. Records officers deployed detailed departmental retention and disposition schedules to ensure information was disposed of regularly, absent a legal hold or other preservation requirements.
The governing philosophy was that company information should be kept only as long as absolutely needed and then be destroyed. This was relatively easy with paper records, as departments were typically in charge of what was sent offsite and kept an index with corresponding destruction dates. When the dates came up, the records department checked the box against legal holds, gained the necessary approvals and shredded the box or portion of the box.
The Tyranny (and Limited Reign) of Inbox Rules
When electronic filing became popular, information was still being disposed of, but for different reasons.
Computer storage was expensive and systems such as Outlook/Exchange had limited capacity.
As a result, network administrators imposed time- or size-based restrictions and often did so without consulting the records officers or considering how these items were actually used in a business sense. Further, there was little coordination with the disaster recovery and archiving functions. This gap resulted in users believing that information was electronically ‘deceased,’ while phantom copies were still in existence on backup tapes, on optical drives and with disaster recovery vendors.
The Bits Hit the Fan
In 2003, the first Zubulake v. UBS Warburg case was decided, in which UBS claimed it would cost $175,000 to restore 94 backup tapes containing contested emails.
By Zubulake V in 2004, the Court found that deleted emails had prejudiced the plaintiff’s case. This case and similar developments heralded a wave of fear-induced corporate retreat from the principles of principled disposition.
While retention policies remained on the books, they served only as paper tigers – the new reality was that nothing was going to be thrown out from that point forward, especially from an optics standpoint.
More storage was purchased, annual cleanout days were suspended, and backup tapes started to pile up. The situation was compounded by a wave of corporate mergers and acquisitions, retention of departing employee materials (including putting laptops and hard drives in closets), ever-cheaper storage, expanded capacity of systems such as Outlook/Exchange, the multiplicity of archiving tools and the retirement of legacy systems.
Why Old Data is Like a New York City Garbage Collection Strike
Like the proverbial boiling of the frog, corporations suddenly faced a landfill of old, unclassified, out-of-date data that interfered with operations, slowed down searches and business efficiency, and contributed to corporate liability, particularly in the realm of litigation and data migration.
Unlike the paper-based days of departmental filing and oversight, electronic systems, like email, don’t naturally lend themselves to user classification of individual items as business records to be assigned retention, disposition, convenience record treatment or ‘junk’ status. To paraphrase a Seinfeld episode, anyone can make a decision to save information, but authorizing destruction has become a “not me, Charlie!” exercise, to the point where forensics firms like Stroz Friedberg, an Aon Company, make whole engagements out of purging bad words or documents from an organization.
Within a few years, the problem became irreversible, with too much redundant, obsolete and trivial data, or ROT, having piled up exponentially to be actionable through human effort and assignment, corporate fiat or reasonable expense.
Just Wash That Mail Right Out of Your Hair
So do companies have an appetite to finally take this tiger by the tail? Signs point to yes.
As the risk and compliance walls begin to close around them, the cost/benefit shifts to the disposition of information that has become a liability and to moving these projects to front-burner status as budget begins to get allocated.
Often these projects can be incorporated into other initiatives such as a risk assessment, incident recovery, M&A due diligence, cloud migration or legal hold implementation.
If the company doesn’t have it:
- It can’t be a security threat
- It won’t need to be identified as having personal information for DSAR or compliance reporting obligations
- It won’t need to be preserved, collected, processed, hosted, reviewed and produced in litigation
- It won’t cause operational inefficiency
- It won’t require additional “harvesting” to determine what records exist if it’s a forensic image or legacy data type
- It won’t require additional resources to ascertain its owner and provenance
- It won’t incur additional storage expense
- It won’t need to be migrated to the cloud
- It won’t need to be backed up
So How Do We Help?
We can drill into the business and assimilate the policies, workflows, systems, lines of business, organizational structure, preservation obligations and data map, to then build out into an action plan that can take into account historic traps and pitfalls.
Our ability to work with the legal and compliance organizations, outside counsel, business units and IT, can help galvanize the organization into action and lay the foundation for a defensible effort.
Our methods encompass both a project-based reduction in the backlog, as well as the development of go-forward procedures, tools and trainings to implement a continuous program. Our team performs fact-finding missions which encompass both human interaction and automated techniques and include the use of direct data sampling tools to assess unstructured data sources for sensitive and expired data in corners of the network that fall outside the oversight of corporate IT.
At the conclusion of efforts, the corporation can be a leaner, more self-aware organization, better positioned to respond to risk, compliance, litigation, migration and operational challenges, and better prepare itself for the next wave of the unexpected.