Reduce Corporate Clutter - Save by Deleting

Organizations struggle with the large volumes of unnecessary data they store and manage. According to IDG, unstructured data is growing at a whopping rate of 62% every year, with a significant part of it being redundant, obsolete, and trivial (ROT) data. Companies spend significant capital and resources for maintaining this data while increasing their legal and compliance risks.

To tackle this problem, organizations need to dispose of data that does not serve any business, legal or regulatory purpose. Regular disposal of unnecessary data also leads to improved Information Governance (IG) and data management. Defensible deletion should be a crucial part of every company’s data management practices to achieve regulatory compliance. While it sounds simple, it is difficult to implement it in practice.

What is defensible deletion?

Defensible deletion can be simply understood as the periodic elimination of ROT data in a manner that legal requirements to preserve data and ongoing business processes are not impacted. The first step in defensible deletion is determining what needs to be kept, archived, and disposed of.

From a legal perspective, companies can delete material that is not presently under a legal hold and not required for a statutory or business purpose. As per the Federal Rules of Civil Procedure 37(e), courts may not impose sanctions when a party fails to provide electronically stored information lost as a result of the routine, good-faith operation of an electronic information system.

Here are some considerations for successful defensible deletion:

1. Get “them” on board

Successful defensible deletion requires the collaboration and buy-in of different parties within the organization.

A cross-functional committee must be involved to plan the strategy for defensible disposal. This should include the important stakeholders from IT, finance, business units, and subject matter experts to ensure that the different types of data held within the organization are clearly understood.

Legal and records management professionals need to be actively involved in the process to avoid any slip-ups. The business users creating and owning the data should also be closely engaged with the program for it to sustain.

2. Chalk out a strategy

Your strategy for defensible deletion must complement and serve your company’s business approach and needs. A comprehensive data map can give perspective about the types of data stored across the company’s various systems. An overall IG policy can be laid out based on this information, which can help prepare an appropriate deletion strategy.

3. Build a robust framework

The process framework for defensible deletion should describe the value of different data sets and the risks associated with them. A records retention policy should be developed to establish criteria for deletion.

The data categories and locations under legal hold should be clearly identified and a legal hold policy should be drafted and implemented to preserve such data. In addition to data on legal hold, it is necessary to recognize data that is required for the organization’s regulatory obligations and business processes.

Executive support is critical as decisions around deletion could face challenges without buy-in from all the stakeholders. This can be avoided through alignment from all the parties around what data needs to be retained and what can be deleted.

4. Classification strategy

Data classification involves categorizing the data based on its relevance and sensitivity. Data classification enables the management of data in a more structured manner. It allows easy identification and decision-making on how to store, sort, or delete data.