Organizations are often afraid to delete their risky, aging, or duplicate data, in spite of the high stakes created by regulations like GDPR and CPRA. Regulations are clear about minimum retention periods for different types of records, but they rarely prescribe a timeline for deletion. Competing priorities across organizations can also stymie deletion efforts.
Understand The Complexities of Retention and Deletion
The diverse and fractured nature of cloud and on-premises storage and the wide range of application and data types requires tailored deletion approaches across the organization. There are also nuances of handling different data types and storage methods. To develop a successful deletion strategy:
- Get stakeholders on board from the start. Poor stakeholder (legal, compliance, IT, and security) alignment on information governance creates gridlock once someone identifies the need to delete data. In a successful governance program, key stakeholders can express their fears and goals about the information they steward. Mature governance programs often adopt a distributed/federated governance model, where information managers are embedded in key lines of business.
- Know what really happens to your “deleted” data. Built-in deletion functions may result in the Schrödinger’s cat of data — it appears to be gone from a search or navigation point of view, but it exists in the digital equivalent of a recycle bin.
- Avoid overlooking unstructured data. Unstructured data, such as documents or rich media, often accumulates in network drives or collaboration sites.
- Dispose of paper records appropriately. Careless disposal of paper records spawns all sorts of risks when papers containing sensitive information end up in the street or a garbage bin.
Don’t Set It And Forget It
Once you’ve assembled your information governance dream team and established your strategy, don’t call it a day. Successful organizations often take several attempts to establish a working information governance practice. Fizzled approaches result from lack of agreement on scope, priorities, and how information governance aligns with business priorities. Successful governance programs must iterate and adapt as the data landscape changes.
For more details, check out our new report, “Build Confidence In Your Data Deletion Strategy And The Courage To Execute,” It uses an information governance lens to lay out best practices for data deletion strategy, and how to overcome deletion hesitancy in your organization.