Friday, December 12, 2014

The process for disposing of digital information

The shredding of information is technically complicated but doable. What is really challenging is figuring out what should actually disposed. EDRM published a paper on the topic call Disposing of digital debris.

The paper cites a 2012 CGOC survey about the state of information in enterprises. Apparently, 69% of retained information has no legal or business value. Low value information includes:  short-term reference files; orphaned files; outdated or superseded files; upgrades, safety, and litigation copies; outdated storage technology; and technical duplicates (that may or may not be deletable)

The benefits of eliminating this information include: reduced litigation and productions costs ($18K per GB); reduce employee cost; storage/infrastructure TCO; litigation and compliance risk; better predictive capability.

Not surprisingly, the EDRM heralds its own IGRM reference model. Basically, it provides an information lifecycle model that moves information through create/use to retain/archive to dispose. Movement ultimately depends on issues like  business/profit; privacy and security; IT efficiency; RIM; and legal.

EDRM notes that people are a huge part of the digital disposal issue. Different groups provide different perspectives:

  • Senior leadership provides support for an information governance program.
  • Business units can identify what is important to them on an ongoing basis.
  • Information security/privacy/compliance needs to have input.
  • Legal must provide insight on the legal hold expectations and processes.
  • Records management maintains the retention schedule and provides guidance on naming conventions, deduplication, etc.
  • IT must maintain all infrastructure and police actual retention and disposal.
Review all policies and procedures concerning the disposition of data. Determine what actually works within the organization and what doesn't. Identify common classification and data retention models. Identify the relevant workflows. Address particular demands e.g., prior art, patents, contracts, etc. It might also be of some benefit to explore the use of auto-classification and put other technologies in place such as automated legal holds, records retention, deduplication, storage tiers, etc.

Each group will have specific responsibilities:

Records management
  • provide master retention schedule
  • provide taxonomy
  • IT can then interpret how to deal with un-managed or legacy data
Legal
  • identify data for legal hold
  • define process for collection
Line of business
  • identify the information it creates
  • identify the information it uses
  • classify retained information
Privacy and security
  • ensure that industry and regulatory obligations are met.
IT
  • manage information based upon business value and duty.

This model also exists as a maturity model which is quite interesting:


0 Comments:

Post a Comment

Subscribe to Post Comments [Atom]

Links to this post:

Create a Link

<< Home