Data destruction: When data should disappear


This article can also be found in the Premium Editorial Download "Storage magazine: Learning data retention lessons from Warner Bros.."

Download it now to read this article plus other related content.

Data destruction policies
It turns out that deciding on the destruction levels you're comfortable with is the easiest part of destroying data. The most complicated piece is figuring out what to destroy and when, and then sticking to it.

The National Association for Information Destruction (NAID) Inc., a trade association of data destruction companies, recently interviewed 508 companies of all sizes and industry groups across the U.S. on their document destruction policies. NAID's report revealed that 45% of surveyed organizations have no written policy concerning the protection and disposal of confidential information.

Gartner Inc. believes the problem is even worse than that. "There isn't a company in the U.S. that has an effective data [retention] policy across the board," says Debra Logan, research VP at Gartner in Haywards Heath, UK.

Government agencies appear to be among the worst offenders for hoarding data. "I have seen numerous instances of data without owners, and therefore of low quality and often useless, but we keep it all," says a senior U.S. government advisor on health policy who requested anonymity due to the sensitivity of the topic. A recent investigation to clean up a dataset that purportedly identified doctors being paid by Medicare took several months of study. The data went through five agencies and institutions that passed it on "without a care as to its reliability," according to this user. "No one owned it ...

Requires Free Membership to View

it was useless for our purposes." He suggests the IT industry needs two new professions: a data coroner who will certify when data is dead and a data mortician who will bury it.

Experts say the only way to get a handle on this data explosion is to create a data destruction policy that the new Federal Rules of Civil Procedure, effective since Dec. 1, 2006, all but mandate. Parties in a lawsuit are now required to address the issue of electronically stored data very early in the proceedings in compulsory "meet-and-confer" sessions. The preservation and destruction of data and its disclosure, as well as any claims of privileged information, for example, are now on the table per amendments to Rule 26(f).

Specifically, the rules say that while a litigant is under no duty to keep every document in its possession, it's under a duty to preserve any information that could reasonably be believed to be relevant to the case, says Mike Karp, senior analyst at Enterprise Management Associates, Boulder, CO. But, he says, what's reasonable to one person might not be reasonable to the next. It's this grey area that's a headache for many firms.

This was first published in August 2007

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: