Do you observe data management best practices? Don’t be a data hoarder. Clean up your trash so that you can save money on secure digital storage, eDiscovery, and maintaining legacy systems.
Getting rid of records and information that are no longer needed by the business or to fulfill a legal or regulatory requirement also increases productivity by cutting down on time spent looking and searching for information and making processes more efficient.
Implement an Information Governance Program
Information Governance (IG) works on the enterprise level in order to support the current and future business, legal, and regulatory requirements of information. Getting rid of trash and plugging holes starts here. There needs to be an IG steering committee with stakeholders across disciplines (Records Management, IT, Legal, Compliance, Risk Management, Information Security, Privacy, key business units) to draw from various backgrounds and areas of knowledge to best govern and manage content created enterprise-wide.
Keep in mind, have your IG program start where the biggest needs are to stop the bleeding. Have consistent, enforceable policies and procedures employees can follow easily first then implement technologies to support them. Audit your progress to see where you’ve succeeded as well as what weak points need improvement.
Information Lifecycle Management
The information lifecycle starts at creation and goes through final disposition. Planning for systems in important before you start to fill them with information. Use application decommissioning to shut down legacy systems and save the costs of maintaining them. Then arrange for the disposition of content that is no longer needed for retention by migrating it into a new active system, archiving records needing long term retention or is under legal hold, or destroy it if no longer needs to be kept for business, legal, or regulatory needs.
Don’t keep everything forever and use big bucket retention to make disposition easier. Retain what you need to for discovery/legal holds, regulatory requirements, and business use. Defensible disposition enables an organization to cut down on digital debris by deleting information that has no business, legal, or regulatory requirement for retention. Shine a light on dark data to get rid of information that can be defensibly deleted and use content remediation for the dark data you need to retain. Slimming down and get rid of ROT will reduce the scope of an organization’s information to lower eDiscovery and storage costs.
Automation! Automation! Automation!
The less classification and management of information employees need to do the better so that they can focus on doing their jobs. This brings about more efficiency and productivity. Build RIM processes into technologies as much as possible to save time and money and worry less if workers are being compliant as the system will do that for them (i.e. retention assigned automatically based on auto-classification of records). Humans are more likely to make mistakes than computers. When implementing new technologies ease of use is important as employees should want to use the solution you provide. Automation can also help prevent dark data from being generated in the first place by de-duplication and adding metadata and classifications.
Secure Information Assets
Once you know what records and information you have - you can get rid of the trash. After that you need to make sure there is classification and data mapping to avoid proliferation of dark data. Then you can focus on making sure the good stuff is accessible to the right people and preserved for the term of its retention. However, you will need to balance the need for availability of records with security concerns.
There is only so much you can do against external cybersecurity threats.
In today’s world it’s not if you will be hacked but when. There has been a shift in information security from trying to keep out all threats to that of containment, including putting more time and money into securing the most important company information - Personally Identifiable Information (PII) and vital records critical to business operations.