Information Governance

Defensible Deletion: A Cure for Hoarding

A defensible way to clean up all the ROT

Defensible Deletion: A Cure for Hoarding

Although keeping data seems harmless at first, it can become a nightmare left unchecked. When it comes to enterprise data, deciding what is trash and what is treasure has a widespread impact.

A typical large corporation sits on petabytes of data, most of which is redundant, outdated, and trivial (ROT). This data costs $1.7 million per petabyte in storage alone and comes with additional problems.

Risks of Keeping ROT Files

  1. Privacy: Privacy regulations require organizations to safeguard user information, maintain it up-to-date, and delete it after specific periods.
  2. Security: Data security is a key concern especially when it comes to ROT because malicious actors or accidental employee mistakes can exploit security weaknesses.
  3. Legal exposure: Over-retained data creates risk in the form of exposure during eDiscovery.

Thankfully, there’s a cure to this: defensible deletion.

What is Defensible Deletion? Simply put, defensible deletion is the process of consistently applying a deletion policy once data is no longer required for legal, business, or regulatory reasons, and maintaining audit trails to show why data was deleted.

How to Defensibly Delete?

Defensible deletion requires coordination between each of the governance functions, including legal, compliance, records management, and privacy. Data cannot be deleted based on a policy set by one of these; they must be synchronized.

For instance, if data deletion is requested by a data subject per GDPR requirements, there needs to be a system in place to ensure that data is not on legal hold, or required to be retained for regulatory purposes.

Finally, the system needs to maintain audit trails of all data-related actions from identification to deletion, in the event of legal or regulatory inquiry into deleted data.

Ultimately, defensible deletion requires a unified system that centralizes control of all governance functions, provides a regular report of data that is eligible for deletion, and a provides an efficient process for stakeholders to take action on that data.

Bivek Minj graduated from the Indian Institute of Mass Communication with a degree in English Journalism. He serves as a Content Writer at ZL Tech India's Marketing department. He comes to the industry with a desire to learn and grow.