News Stay informed about the latest enterprise technology news and product updates.

Storage Decisions: Storage managers must explain retention, email archiving and compliance

Information governance expert tells Storage Decisions attendees they need to explain the technical realities of data retention, email archiving and compliance to their firms.

NEW YORK -- A consultant specializing in information governance told a Storage Decisions crowd Tuesday they must help their organizations understand the realities and limitations of technology as it fits with compliance because "If you don't do it, nobody else will.

"Lawyers create policies that are well written, astonishingly intelligent and absolutely impractical," said Barclay Blair, information governance practice director at Phoenix-based Forensics Consulting Solutions LLC. "Somebody has to help understand the realities of technology. You bring an understanding of how information management works."

During his talk, "A Storage Manager's Role in Information Governance," Blair defined information governance as "the people, processes and tools to help organizations help manage information better."

The world is awash in email; we've lost control of it.
Barclay Blair
Information Governance Practice DirectorForensics Consulting Solutions LLC
He said email archiving is the biggest technical issue now, and organizations are wasting millions of dollars keeping too much or too little information. Blair said companies can't keep everything and can't throw everything away, so they must develop retention policies that determine what to throw away, what to keep and how long to keep it.

"Whose problem is this?" he asked. "Who should be responsible? The storage manager? Compliance manager? Litigation attorneys? Business managers? That's a complicated question. But there's no question the storage manager has some kind of role in the governance of information."

Blair said that role is to bring the storage voice to governance policy development. He said storage managers must learn the basic principles of compliance, including the most important regulations affecting their companies, educate business people on the difference between backup and archiving, and help the organization understand the full hard and soft costs of storage archiving by boiling it down to cost per gigabyte.

Tackling the problem consists of setting a foundation (policies), implementing it (tools and training), remediation (cleaning up the past) and continuous improvement (audit and adjustment). The goals are to reduce risk and costs.

"Cleaning up the past isn't the first step, it comes along later," he said. "Let's build the world we want to move into first."

Blair said storage managers should address PST/NSF files, implement a legal or litigation hold process, reduce volume with smart storage and archiving, and use data classification tools. He advised against imposing mailbox size limitations without a retention and archiving strategy, and said not to let employees decide how long email records should be retained.

He added that email is today's culprit because "email is frankly a disaster when it comes to compliance and litigation. No one on the planet decided to use email, it just came along. They didn't think about the legal and compliance implications of the technology. The world is awash in email; we've lost control of it."

However, he said organizations must consider how to manage the proliferation of social networks and other new collaboration tools. "If we're going to use them, we have to legitimize their use, formalize their use and socialize their use," he said.

Dig Deeper on Data storage compliance and regulations

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.