As the information tide relentlessly rises, many organizations simply see an IT problem, to be fixed with a purely IT solution – more storage capacity, more tools, or both. But merely adding more storage is a reaction, not a strategy. And adding technology tools without the right governance rules invariably makes things worse, not better.
This is not a criticism of your IT team. Instead, the problem lies in a misunderstanding of the fundamental challenge. Just as you shouldn’t bring a knife to a gun fight, you shouldn’t merely bring more storage capacity and IT tools-without-rules to your fight to regain control over your organization’s information. What’s needed is governance.
More Storage is Not the Answer
If the accelerating, worldwide growth of data were a throw-back movie, it would star Vin Diesel – Fast & Furious. It’s hard to wrap one’s head around the magnitude and velocity. Try this – for context, the total content of all catalogued books in the Library of Congress has been estimated variously at 10 to 15 terabytes of data. IDC’s Data Age 2025 study pegged the world’s 2018 data volume at 33 zetabytes (33 billion terabytes), and forecasted that data volume will reach 175 zetabytes by 2025, a more than quadruple increase. In case your head hasn’t exploded … apparently 1,000 zetabytes is a yottabyte, and as of yet there is no officially recognized International System of Units name for 1,000 of those (I propose “Lottabyte”).
Why the dizzying growth? Internet use is certainly a contributor (a lot can happen there each minute). But it is the Internet of Things, combined with the Industrial Internet, that will increasingly generate gobsmacking quantities of device and machine data.
Let’s hone in on the reality faced by individual organizations. Unstructured data (documents, spreadsheets, presentations, audio and video files, email, and the like) can comprise 80% to 90% of total enterprise data. Unstructured data is often largely uncontrolled, scattered across network drives, user’s computers, and the organization’s electronic content management (ECM), collaboration, and e-communication systems.
Veritas’ Data Genomics Project produced an interesting 2016 study that analyzed tens of billions of unstructured data files, with over 8000 file extensions, at Fortune 500 companies. Key finding? Storage capacity grows each year, but so does data volume – 39% annual growth in the number of unstructured data files, year over year. Just as a bigger closet or garage at home results in the accumulation of more stuff, when businesses add larger on-premise or cloud repositories without governance controls, it inevitably leads to larger data volumes. More storage simply enables more data hoarding.
Having too much data causes problems beyond needless storage costs, workplace inefficiencies, and uncontrolled litigation expenses. Keeping data without a legal or business reason also exacerbates data security exposures. To put it bluntly, businesses that tolerate troves of unnecessary data are playing cybersecurity roulette … with even larger caliber ammunition.
Dr. Stephen Covey reminded us that “important” is not the same thing as “urgent.” Records retention reminds us that important is not the same thing as exciting. I get it – records retention schedules are boring. But the fact remains that literally thousands of records retention requirements apply to your organization’s information. I know, because my firm finds and tracks these laws as part of our decades of retention schedule work for clients across industries. And your regulators expect you to know them too.
In a 
OK, IT mavens, listen up…how much better would your life be if you only had to manage and protect 20% of your company’s data? By eliminating 80% of your data you could free up oodles of storage, reduce licensing costs, shorten backup cycles, and drastically cut e-discovery preservation costs, not to mention go home on time for a change. For most this is an unrealistic pipe dream, but it doesn’t need to be. The trick is knowing which 20% to manage.
It lingers on – that vaguely guilty feeling that there’s something sanctionable, even illegal, about routinely destroying business data. That’s nonsense. It is well-settled United States law that a company may indeed dispose of business data, if done in good faith, pursuant to a properly established, legally valid data retention schedule, and in the absence of an applicable litigation preservation duty.
Retention schedules are essential in bringing order to a company’s complicated, chaotic information environment. Whether they succeed in doing so depends largely on whether they are structured properly. So, the age-old question is, what’s the best way to go – organizing the schedule by department/group, or by information content types?