Home Why And How To Destroy Your Data

Why And How To Destroy Your Data

Holding on to old data slows applications, increases storage costs and backup times, and dramatically increases the danger of attacks. A good data disposal policy can reclaim some of your budget and help you sleep better at night.

For the sake of argument, let’s assume your company already has a data retention policy. If it doesn’t, stop reading right now and make one. No one wants to be left in the lurch when auditors come calling or a client claims you didn’t pay that invoice back in 2011.

But what about the other side? Is there such a thing as too much data?


Why You Need To Do It

According to the Compliance, Governance and Oversight Council, nearly three quarters of all data stored in an organization has no current business use. If that seems like a lot, consider the forms that data might take. The biggest and scariest culprit is email, which often contains sensitive personal and client information, as well as multiple versions of files forwarded as attachments. Email is a horrible storage and versioning system, but it’s one of the most popular.

Then there’s the problem of department-specific data silos, which often hold redundant records that can be orphaned. Imagine your HR, Marketing and legal departments each keep separate copies of employee records. For compliances’s sake (or, more likely, because you never got around to integrating your systems), those records are all stored in separate systems. If HR terminates an employee but the information doesn’t sync, you’ve just created orphans in the other system that may last forever.

On the other hand, maybe you’ve done it right. Your records share a common repository and each department has properly permissioned views.

You still might be in trouble.

HR might need to retain certain data after a termination, but retaining other sensitive information might actually be illegal. If you’re in a highly regulated industry, you’re probably aware of these restrictions. If you’re not, you may not know about them until there’s a lawsuit after a breach.

Don’t forget about the storage issue. Slashing your storage by 50% to 75% would save a lot of cash. The CGOC estimates a savings of up to $50 million in some enterprises. In some highly virtualized enterprises, storage costs can account for as much as 40% of the total IT budget. Plus, everything – from record searches to backups – will run faster.

If you’re still not sold, Ben Rothke’s 2009 article, Why information Must Be Destroyed, remains valid and convincing.

You’re on board. Less data equals the less risk carried, faster systems, and more money.

How Do You Get Started?

Create A Policy

This might sound obvious, but the first step toward disposing your data is to create a data disposal policy. It should mirror and integrate with your data retention policy, as well as any other physical destruction (e.g., shredding) policies you follow. You don’t want anything falling through the cracks.

Don’t try to make decisions on your own. Each department should have input, and the final policy should pass through legal and compliance reviews before landing on the CEO’s desk. Everyone needs to be on board.

Assume The Worst

Try to minimize the amount of effort required by employees. For example, autoarchiving emails past an age threshold will point out inappropriate use pretty quickly. One CTO of a mid-sized firm remarked that when his company moved from POP to IMAP and began archiving older emails, his sales department panicked. “They’d been storing customer data in emails and spreadsheets instead of using our CRM system. We were storing sensitive data without gaining any value, and our sales reps weren’t doing their jobs.” There will always be room for human error, but prevention will ease the cleanup burden after the fact.

Consider The Hardware

Different types of data require different disposal methods. Medical records or confidential design documents may require physical destruction of a disk or a magnetic degaussing. Old tweets and press releases probably need only a simple overwrite. If you’re still storing a mix of data on the same physical disks, this might be a good time to change that.

The disposal methods you choose will be based on your industry, so your Legal department is the ultimate authority, but you can start your research with the NIST’s Guidelines for Media Sanitization.

Get Service Guarantees

This is a problem even the largest enterprises sometimes face. Much of your data is in the hands of third parties, and more will be shifting that way soon. It may be their cloud, but it’s your data.

Send your disposal plan to your service providers and get a guarantee that they’ll abide by it. This may add costs to your contract, but failing to do so makes the policy pointless. If your provider already specializes in government or industry compliance, this should be an easy talk to have. If its not, consider shopping around for new services.

Remember: It’s A Process

You won’t be able to do everything at once. Some parts of the policy may require more review than others. Some systems may require redesign. Get the low-lying fruit first.

If you’re starting from scratch, even the first steps are steps in the right direction.

All images except chart courtesy of Shutterstock. Chart courtesy of the Compliance, Governance and Oversight Council.

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.