
A $650M Lesson in Defensible Deletion: The Cost of Over-Retention

Explore how data over-retention fuels legal risk and why defensible deletion is key to reducing exposure and strengthening governance.

When former McKinsey & Co. partner Martin Elling pleaded guilty to obstruction of justice for destroying documents, the headlines focused on his individual wrongdoing. Yet beneath the surface of this high-profile case lies a broader issue for enterprises across all industries: what happens when over-retention becomes a liability?

Elling admitted to destroying documents related to McKinsey’s work with Purdue Pharma, the drugmaker behind the opioid painkiller OxyContin. The consulting firm had advised Purdue on strategies to “turbocharge” OxyContin sales, including targeting “high-value” prescribers who prescribed opioids for illegitimate uses. When regulators began investigating, Elling took matters into his own hands. In one email, he proposed “eliminating all our documents and emails.” He later deleted Purdue-related files from his laptop.

Elling now faces up to a year in prison, and McKinsey recently agreed to a $650 million settlement. Elling’s actions were more than a lapse in judgement; they reflected a digital landscape in which organizations often lack the tools and governance policies needed to dispose of data responsibly.

The Illusion of Safety in Over-Retention

For decades, organizations have defaulted to hoarding data. The logic was straightforward: if you don’t delete anything, you can’t be accused of destroying evidence or violating recordkeeping requirements. But this outdated mindset fails to account for the growing volume and vulnerabilities of unstructured data.

As enterprise unstructured data continues to explode, so does the amount of Redundant, Obsolete, and Trivial (ROT) data clogging up file shares and cloud storage. ROT carries ongoing storage and security costs, and every file that is kept is discoverable, so the same data can resurface during litigation.

The McKinsey case illustrates this. If proper governance had been in place, including clear retention policies and audit-backed deletion, McKinsey might have been able to dispose of outdated Purdue-related data under its normal schedule, long before an investigation was anticipated and a legal hold was required. Instead, poor information governance made the organization vulnerable, and impulsive actions by an individual only amplified the damage.

Defensible Deletion: A Strategic Necessity

The answer is to delete defensibly, rather than recklessly. Defensible deletion is the practice of systematically disposing of data that no longer serves regulatory, legal, or business purposes. It enables organizations to reduce risk while remaining transparent and compliant with industry obligations.

At its foundation, defensible deletion rests on three pillars:

1. Retention and Deletion Policies

Organizations must define how long different types of data should be kept based on legal, regulatory, and operational needs. These policies should cover all content types, from structured databases to unstructured communications, and account for industry requirements and legal holds.

2. Strict Adherence to Policy

Establishing rules is not enough. Companies must implement systems that enforce policies automatically or with appropriate review workflows. This ensures that data is retained or deleted consistently, reducing the risk of ad hoc decisions or human error.

3. Audit Trails

Every deletion action should be logged and traceable. Audit trails enable organizations to prove that data was disposed of in accordance with defined policy. This is what makes deletion defensible in court, to regulators, and in the eyes of shareholders.

A Call for Enterprise Data Governance

The McKinsey scandal should serve as a wake-up call for enterprises. Regulators and prosecutors are increasingly focused not just on corporate misconduct, but on the systems, or lack thereof, that enable it.

In this environment, strong information governance is a frontline defense. Data management decisions made years ago can resurface during investigations, and the only way to prepare is to govern proactively.

That means culling enterprise data with care and eliminating ROT before it becomes a risk. Organizations must align legal, compliance, and IT teams around a vision of strict adherence and defensibility.

Better Governance Starts with Letting Go

Keeping everything is no longer the “safe” route; it is a liability. In today’s evolving legal and regulatory environment, organizations that fail to govern their data are inviting penalties and reputational harm.

Defensible deletion offers a path forward. By implementing lifecycle policies, enforcing them consistently, and documenting every step, enterprises can reduce risk exposure while building a more secure and compliant data environment.

Interested in defensibly disposing of unmanaged ROT files and messages? Download our brochure.

Valerian received his Bachelor's in Economics from UC Santa Barbara, where he managed a handful of marketing projects for both local organizations and large enterprises. Valerian also worked as a freelance copywriter, creating content for hundreds of brands. He now serves as a Content Writer for the Marketing Department at ZL Tech.