By Matthew Bernstein, Bernstein Data
Defensible Disposal is the process of identifying data that is no longer relevant or needed and effectively disposing of it. This discipline and process removes unnecessary data/information (paper or digital) your company has created, collected, stored or archived. Defensible Disposal has become essential to information governance and provides numerous benefits. Building a program that identifies obsolete or valueless information, and disposes of it, mitigates litigation risks, reduces the cost of both storage and discovery, lessens the burdens of administration, and reduces the “attack surface” of information susceptible to data breaches. Defensible Disposal is also essential for compliance with new data privacy and protection laws.
Like most seemingly difficult problems, breaking down the actions required for a Defensible Disposal program into the proper steps can provide the foundation for success. Here are five tips:
1: Engage and involve the right people – early and often.
Disposing of information will likely require support from multiple corporate stakeholders and, usually, a disruption and cultural shift in how companies operate. Disposal projects are typically driven by departments looking to reduce costs, such as technology and operations. Unfortunately, these departments often do not understand that Defensible Disposal requires other stakeholder involvement; without it, the project can get derailed. An effective Information Governance program brings the right stakeholders to the table early. It saves time and resources and can produce results.
2: Don’t assume people know what they don’t know.
Involvement in this project requires communication and education. For most employees their day-to-day scope of knowledge is typically narrow. Before you can defensibly dispose of information it is important to understand the end-to-end operational processes: where the data/information is being created, stored, archived, and backed up. You will be amazed what you learn when asking those in the organization who have responsibility for managing the systems and data. That is another reason why involving the right stakeholders upfront is essential.
3: Refine and focus priorities.
Prioritize and define what you want to focus on. Is it reducing risks, cutting costs, or multiple objectives? With the growth of data, companies are finding it very difficult to govern and safeguard information. They often do not have the time, budget, or the ability to garner executive support. When starting a project, limiting its initial scope enables you to gain traction early on and demonstrate quick wins.
4: Ensure the process is consistent, repeatable, and documented.
Information Governance programs, such as Defensible Disposal, require adherence to multiple laws and regulations. The decisions and processes you follow must be consistent, repeatable, and documented. Regulators and auditors expect this. This can include a policy, procedure, or process that you consistently follow, with documented audit trails and reports maintained for decision support.
5: Maintain the program.
Whatever the impetus for focusing on Defensible Disposal, ultimate success comes from the transition of a project into a program. Defensible Disposal, like all Information Governance initiatives, should become a business-as-usual process. This does not equate to a long-term roadmap that can never be achieved. It means Defensible Disposal and Information Governance are taught as part of compliance training manuals, ensuring everyone in the organization understands the benefits of addressing the objectives, and the risks in neglecting them.
To help start your journey toward developing a successful Defensible Disposal program, please contact Bernstein Data. We know the road map and can serve as expert navigators.