FRAMINGHAM, 23 JUNE 2009 - We are collecting data at ever-increasing rates as the costs of data storage go down. Why get rid of our beloved data when we can always buy more storage space? Some companies like Google love collecting and working with data, and these companies will rarely or never get rid of their data. But odds are your company is not like Google and does not need all of that old data. This column will focus on crafting an effective data destruction policy.
Unfortunately, over time, often a company's storage of data starts to resemble the crazy old hermit's house with newspapers dating back fifty years stacked floor to ceiling. But instead of newspapers, your company is drowning in old digital data. While you may have a method to your madness and know where everything is, you probably do not need all of your old outdated data. To fix this mess, your company needs to figure out what data it has and create effective policies for disposing of it.
Since I am a technology attorney, this column is going to focus on digital data--all those ones and zeros that are littering your storage media. This column will address the important questions of who, what, where, when, why, and how you should destroy your data. For those of you who hate to throw anything away, please bear with me. This will not hurt a bit.
Your process should guide your company in deliberately and irreversibly removing and destroying old data stored on your systems. This destruction is intended to be permanent.
Consistency Is Key
Having a consistent data destruction policy followed by everyone within your company at all times is vital, especially when you are faced with litigation. Legally and properly destroying data prevents extensive fishing expeditions by your opponents in litigation (which is a legalized and ritualized form of warfare). A regular business process addressing data destruction should also get you some "safe harbor" protections under the Federal Rules of Evidence relating to electronic evidence should litigation arise. I hate to use the word "should," but every situation is different. Be aware that the safe harbor protections exist. You should work with your tech attorney to take advantage of them.
A data destruction policy is the second part of your data retention policy. Completing and implementing your data retention policy will help you determine where you store your data, which makes it somewhat easier to delete old data you no longer need. Once you have mapped out of where you store your stuff and developed a policy on how long you need to keep it, you must formalize the destruction process.
Sign up for MIS Asia eNewsletters.