An effective defensible disposal programme can drive cost and risk from business operations and lead to greater financial performance. The basis is to create policies that establish when a piece of information has no business value or becomes obsolete. The data can then be destroyed at the earliest possible point. Not only does this provide for more effective information storage, it reduces the risk that legacy information could prove damaging in future litigation proceedings.
Why is defensible disposal important?
There are three key areas where defensible disposal delivers significant business benefits:
Making sense of information
With research showing that as much as 70% of the information held on corporate networks providing no business, legal or regulatory value, the ability to delete this data means that it will not form any part of a discovery process. Often the lifecycle of Records Management is different to the organisation’s IT lifecycle resulting in applications and information being held up on systems that are now obsolete. Although this information is not lost it becomes inaccessible and may have no business value or fall within records retention regulation although this is relevant should litigation proceedings begin.
Reducing the cost of discovery
Estimates show e-discovery costs to be between $1.5-3 million per terabyte of stored information. If you consider that 70% of the information stored is unnecessary then the simple fact of its existence adds a great deal of time and cost onto the discovery process. As some organisations have taken the decision to store all information then every piece has to be analysed, however irrelevant.
Improving information storage
Information storage is often considered to be low cost but estimates put the estimated cost of managing a terabyte of data through its lifetime between $14,000 an £17,000. If only one quarter of that data actually needs to be there, then the saving for any company is potentially huge. Improving information storage also allows for better storage management where capacity is freed rather than requiring a systems upgrade. In addition, the ability to identify obsolete and legacy information often leads to the discovery of systems that are still operating but have no part of existing business operations and should be retired.
What should an organisation do?
There are five steps to a successful defensible disposal programme:
Select the right team
As with Information Governance as a whole, an organisation will require a cross-functional committee to develop the strategy and plan for defensible disposal. At a minimum this should include CIO, CFO and General Counsel. It should also include line-of-business managers and area experts to ensure that the full range of information items within the organisation is clearly understood.
Create a coherent framework
Information governance should develop a strategy for unifying the disparate and siloed information, processes and practices within legal, records, business and IT departments. Defensible disposal should extend this by providing a framework that sets out the value of information, the risks associated with information sets, the retention requirements for information sets, and the disposal of unnecessary information.
Create an effective plan
Establish a clear plan that sets out the connections between business objectives, the processes and actions needed, the organisation’s ability to achieve those actions and the the measurement needed. Ensure that each flow of information is established to defensibly dispose of information at the earliest possible point. For example, de-duplication so that there as few instances of information as possible within an organisation.
Implement the right technology
There is no way that an organisation of any size can maintain a manual defensible disposal process. The right tools and technologies are required to automate legal holds, the retention of records and the proper tiering and disposal of information.
Measure and audit
As with all programmes, continuous improvement should be the goal so continuous measurement in terms of risk and cost reduction and capacity improvement is important. Once established the defensible disposal programme should be regularly audited to identify process failures and highlight areas for improvement.
Checklist
- Aim to delete unnecessary information at the earliest point
- Establish a cross-functional steering committee
- Establish a framework for managing information lifecycle to disposal
- Select the correct tools and technologies
- Automate as much of the defensible disposal programme as possible
- Regularly audit the programme