How to Cultivate Value and Weed Out Risk with Data Minimization
May 20, 2022
Many organizations are buried in obsolete data. Deleting in broad strokes can run afoul of regulatory requirements, but a “save everything” mindset is increasingly risky. Strike the right balance with these information governance best practices.
Every day, we humans generate an astounding quantity of data. Five hundred million tweets, 294 billion emails, 5 billion internet search requests1. At work, the average individual receives roughly 120 emails per day, while an estimated 1.5 billion Slack messages are sent every month. Several surveys have reported that organizational data grows by as much as 40 percent a year.
Data is the lifeblood of business, but not all data is worth saving. In fact, the costs and regulatory risks of over-retention can ultimately undermine the value an organization can gain from its data. Thus, determining what to keep and what to defensibly dispose of is critical.
Data disposal, of course, is not as simple as hitting the delete key.
Should It Stay or Should It Go?
Experts agree that data should only be retained when necessary for specific legal, regulatory or business reasons. Yet these categories combined constitute as little as 15% of the data an organization keeps, according to one survey. The remaining 85% should be considered for defensible disposal to reduce legal, privacy and security risk exposure.
An organization’s data universe should be thought of like a garden — a complex ecosystem in which a multitude of species (i.e., data sources and data types) grow rapidly and thrive but must also be carefully tended to. Old growth, depending on its purpose, may need to be maintained, pruned or culled. New growth must be managed to yield the best results.
Understanding the Data Ecosystem
To effectively minimize data, organizations must first understand the full scope of their legal and regulatory requirements across every jurisdiction in which they operate. Once those obligations are determined, they can be weighed against the needs of the business to inform a risk framework that reduces exposure without imposing excessive limitations on day-to-day functions, innovation or data usage.
For example, consider an IT department’s plans to delete all records associated with a retired employee. Human resources may need to retain certain information in its databases for pension payments. In another scenario, the legal department may require disposal of certain customer information in order to improve compliance with data privacy laws, but the organization’s product team may need subsets of that data to conduct go-to-market analysis.
This complexity leaves organizations in a difficult position. Coordinating a cross-functional team is critical for ensuring that every group’s needs are accounted for in the data retention and deletion program. A group of stakeholders who represent legal, compliance, IT, HR, security and other key functions can determine categories of records that must be preserved and establish a framework for how to implement new parameters across the organization.
Tending to the Garden
Addressing data risk and implementing deletion policies requires teams to understand and translate needs and align interests across a range of stakeholders. This is where an information governance (IG) expert can act as the gardener, taking a holistic view of the entire landscape, recognizing needs and opportunities for cross-functional integration, and advising on the steps to take for each new crop of challenges.
IG experts can identify how old data is accessed and its usefulness and help organizations categorize their records to implement a sustainable and defensible retention and deletion program.
The best gardener helps bring a vision of color and variety to life from seeds yet isn’t afraid to get their hands dirty. The same can be said of the IG expert who can thoughtfully cultivate and prune data according to regulation and compliance and meet company expectations while allowing room for the organization to derive value from one of its most important assets.
© Copyright 2022. The views expressed herein are those of the author(s) and not necessarily the views of FTI Consulting, Inc., its management, its subsidiaries, its affiliates, or its other professionals.
About The Journal
The FTI Journal publication offers deep and engaging insights to contextualize the issues that matter, and explores topics that will impact the risks your business faces and its reputation.