You are a (data) hoarder!
How many times have you had a discussion with stakeholders who (in a discussion about data retention and archiving) have said - "we better keep those records as we may need them"?
Here are a list of statements that I have received when talking to clients about the archiving and destruction of old records:
We need to keep the records because of ...insert unknown spurious regulatory clause here...
We need to keep the records for data integrity reasons
We need to keep the records for investigation / fraud / operational reasons
We are keeping data for HOW long??
We have no idea how to remove / archive the data and don't know when it was last used
A tale of retention of data and loss of budget
I recently had a conversation with a long term friend and industry veteran who advised that while he was reviewing his ICT costs, he found a massive number next to his backup and archiving service. When he questioned this, it was uncovered that the organisation had been retaining records in various forms for nearly two decades.
An interesting internal discussion then ensued:
What if the records are important and we need to recover them from long term offline / offsite storage?
What would we do if we had to recover records from long term offline / offsite storage?
What are the risks of retaining records for much longer than we should?
Should we get on and delete these / destroy records?
The questions (and his answers) were illustrative of the need for us all to educate our stakeholders on this area.
In many cases, even if you wanted to recover, the technology may no longer be available (including operating systems, hardware, skills, software and processes). He used the example of trying to recover a backup of the first generation iPhone. Clearly this would be non-trivial.
Even if the technology exists to extract the data, (just like a very old bottle of wine) there is no guarantee that what you extract will be as expected. In some cases, it could be difficult to even determine whether a data corruption has occurred.
Risk and liability
Sitting on a large volume of data that could be subject to legal discovery and used against the interests of the organisation (or its customers) can introduce unnecessary risk & liability for an organisation.
If you would like to get some help to understand your information risks, get in touch.
Author: Clinton Smith