Almost 90 per cent of IT and legal pros value data retention plans, but less than half of their organizations have them and many fail to follow through with required technology, finds Applied Research survey.
When it comes to retaining important emails and other records, 87 per cent of IT and legal professionals believe that having a formal data retention plan is important for knowing which information to retain or delete. But only 46 per cent of their organizations actually have such a plan.
That's according to a new study released by Symantec, based on a June 2010 survey of 1,680 senior IT and legal executives in 26 countries, conducted by Applied Research.
"There's definitely a gap in terms of what people perceive as important around information management -- around retention policies, deletion policies -- and what their actual practices are," said Danny Milrad, senior manager of product marketing for information management at Symantec.
In some cases, organizations create good retention and deletion policies, but fail to follow through with required technology. For example, in 2009, the Massachusetts attorney general launched an investigation into the city of Boston's email retention practices, or lack thereof, after it emerged that the chief of policy and planning had deleted his work email on an almost daily basis, and that his emails hadn't been retained.
Last week, however, the state's attorney general dropped the case against him, noting that the city's own archives and records management division "actually encouraged employees, in concrete, easy to understand language, to routinely delete emails," which the city officially stored for three years. Unfortunately, no such storage system was in place, though the city has since begun to rectify the problem.
Boston aside, many organizations lack any clear policies, resulting in a pack-rat approach to retention. Deleting nothing, however, creates its own problems, because storage isn't cheap.
For example, the Symantec study found that 75 per cent of enterprises use their backup systems to satisfy legal hold requests, and that such holds account for 45 per cent of their total backup storage volume. Furthermore, by some estimates, approximately 70 per cent of all stored data is duplicate data.
Taken to extremes, this volume of stored information can literally start to consume the company. "We had a customer in the UK that had so many backup tapes that they had to shut down the company's swimming pool to build a storage facility," said Milrad. "For electronic discovery requests, how much does it cost to pull those tapes out and find the information?" With 250,000 tapes in total, the cost and time required could be substantial.
If that example is a storage-volume outlier, it previews where many companies are headed. The lesson, then, is to have a plan and put the right technology in place to ensure that your organization sticks to the plan, said Milrad. "Being able to defend your information management plan is what's going to be able to keep your CEO out of the news, for reasons they shouldn't be in the news."
Return to security news headlines
View Security News Archive