Retention & Defensible Disposal

Subscribe to Retention & Defensible Disposal via RSS

3d blue cubes come together from different directions.Dr. Stephen Covey reminded us that “important” is not the same thing as “urgent.”  Records retention reminds us that important is not the same thing as exciting.  I get it – records retention schedules are boring.  But the fact remains that literally thousands of records retention requirements apply to your organization’s information.  I know, because my firm finds and tracks these laws as part of our decades of retention schedule work for clients across industries.  And your regulators expect you to know them too.

Records retention requirements generally apply to information’s content, regardless of the information’s medium – electronic data, paper, you name it.  The requirements are scattered across the federal and 50 states’ statutory and regulatory codes, often with unusual retention mandates.  Here are just a few:
Continue Reading Why govern our information? Reason #11: Thousands of federal and state records retention laws apply to your company

disk cleanupIn a previous post I suggested that Information Technology is really in a good position to help identify and clean up ROT (redundant, obsolete, and trivial information).  Sometimes, though, IT needs a helping hand to get the attention of those who can approve a budget for clean-up initiatives.  Here’s where Audit comes in.

Over the years, I’ve seen many information governance clean-up programs come to life in the wake of an expensive e-discovery effort, or an embarrassing and costly data breach.  Needless to say, such events draw the attention of the C-suite and boards of directors.  That attention usually translates into emergency funding and action to shut down e-mail retention, delete old files, and generally do what should have been done all along: better manage information.  Audits, whether external or internal, can serve the same function.

Continue Reading InfoSec Audit’s role in cleaning up ROT

Twenty percent solutionOK, IT mavens, listen up…how much better would your life be if you only had to manage and protect 20% of your company’s data? By eliminating 80% of your data you could free up oodles of storage, reduce licensing costs, shorten backup cycles, and drastically cut e-discovery preservation costs, not to mention go home on time for a change.  For most this is an unrealistic pipe dream, but it doesn’t need to be.  The trick is knowing which 20% to manage.
Continue Reading The 20% solution for information management and security

Destroyed CDs - shredded by a shredder.It lingers on – that vaguely guilty feeling that there’s something sanctionable, even illegal, about routinely destroying business data.  That’s nonsense.  It is well-settled United States law that a company may indeed dispose of business data, if done in good faith, pursuant to a properly established, legally valid data retention schedule, and in the absence of an applicable litigation preservation duty.

Even the courts themselves dispose of their data.  Federal courts are required by U.S. law to follow a retention schedule approved by NARA, and to ultimately destroy records or transfer them to the Federal Records Center, as directed by that retention schedule.

Here are but a few of the many case decisions on this point:

Continue Reading Why govern your information? Reason #6: It’s OK to destroy your data.

Endless book tunnel in Prague libraryAs the information tide relentlessly rises, many organizations simply see an IT problem, to be fixed with a purely IT solution – more storage capacity, more tools, or both.  But merely adding more storage is a reaction, not a strategy.  And adding technology tools without the right governance rules invariably makes things worse, not better.

This is not a criticism of your IT team.  Instead, the problem lies in a misunderstanding of the fundamental challenge.  Just as you shouldn’t bring a knife to a gun fight, you shouldn’t merely bring more storage capacity and IT tools-without-rules to your fight to regain control over your organization’s information.  What’s needed is governance.

Continue Reading Why govern your information? Reason #7: Merely adding more storage and more tools won’t solve your data problems

Wild Horses in Pens
https://www.kickstarter.com/projects/wildhorses/wild-horses-0

As a horsewoman, I have followed the plight of the American Mustang in recent years, and I am once again struck by parallels with the management—or lack thereof—of information.   Good intentions, poor execution.  Hopes that the problem would disappear.  Management by crisis.  Inattention leading to untenable yet continuing costs.   Fighting factions with competing agendas and differing views of the facts, with no resolution.

A little background:Continue Reading Roundups and records—it’s still the Wild West in 2016

Hiker choosing between to directions at the mountainRetention schedules are essential in bringing order to a company’s complicated, chaotic information environment.  Whether they succeed in doing so depends largely on whether they are structured properly.  So, the age-old question is, what’s the best way to go – organizing the schedule by department/group, or by information content types?

The answer is both, plus an absolutely crucial element that’s missing from the question – the information’s context.Continue Reading Keeping data in context

3d blue cubes come together from different directions. Dr. Stephen Covey reminded us that “important” is not the same thing as “urgent.”  Records retention reminds us that important is not the same thing as exciting.  I get it – records retention schedules are boring.  But the fact remains that literally thousands of records retention requirements apply to your organization’s information.  I know, because my firm finds and tracks these laws as part of our many years of retention schedule work for clients across industries.  And your regulators expect you to know them too.Continue Reading Why govern your information? Reason #11: Thousands of federal and state records retention laws apply to your company