Defensible Disposal is the process of identifying data that is no longer relevant or needed and effectively disposing of it. It is a process that, over time, has become essential to data management and brings with it numerous benefits. Building a programme that identifies obsolete or valueless information, and disposes of it, mitigates litigation risks, reduces the cost of both storage and discovery, and can lessen the burden of administration.
MC Bernstein Data’s Information Governance Specialist, Lynn Molfetta, is an expert in the field of Defensible Disposal. She shared with CUBE her 5 essential components for a successful Defensible Disposal programme.
Defensible Disposal, as noted above, is the process of removing unnecessary data/information (paper or digital) your company has created, collected, stored or archived. With the growth of data, companies are finding it very difficult to govern and safeguard information, do not have the time or budget, let alone have the ability to garner executive understanding or sponsorship. Like most seemingly difficult problems, breaking down the actions required and taking the right steps, provide the essential foundation for success.
Tip #1: Get the right people engaged and involved – early and often
Disposing of information requires decisions from many corporate stakeholders and at times a disruption and cultural shift in how companies operate. Based on a recently published Information Governance Benchmarking Report, there continues to be a company culture that resists change, resulting in a lack of management/stakeholder buy-in or support. Disposal projects are typically driven by groups that are looking to reduce costs such as Technology and Operations. Unfortunately, these groups do not understand that Defensible Disposal requires other stakeholder involvement and without it, can derail the project. An effective information governance programme is all about bringing the right stakeholders to the table early on in the process. It saves time, resources and can produce results.
Tip #2: Don’t assume people know what they do not know
Involvement in this project requires communication and education. For most employees their day-to-day scope of knowledge is typically narrow. Before you can defensibly dispose of information it is important to understand the end to end operational processes on where the data/information is being created, stored, archived, and backed up. You will be amazed at what you find out when you ask those in the organization that have responsibility for managing the systems and data. That is another reason why involving the right stakeholders upfront is essential.
Tip #3: Priorities matter – don’t boil the ocean
Prioritize and define what sets of data you want to focus on. With the growth of data, companies are finding it very difficult to govern and safeguard information and do not have the time or budget, let alone have the ability to garner executive understanding or sponsorship. Limiting the scope by defining the information systems in scope enables you to gain traction early on and demonstrate quick wins.
Tip #4: Make sure you have a consistent, repeatable, and documented process
Information Governance Programmes requires the adherence to a multitude of laws and regulations that includes Defensible Disposal. The decisions and processes you follow must be consistent, repeatable and documented. Regulators and auditors expect this. This can include a policy, procedure, or process that you consistently follow, with documented audit trails and reports maintained for decision support.
Tip #5: Maintain the programme
Whatever the impetus for starting to focus on Defensible Disposal, ultimate success comes from the transition of the project into a programme. Defensible Disposal, like all Information Governance initiatives should become a BAU process. This does not mean a long-term roadmap in place that can never be achieved. It means Defensible Disposal and Information Governance are taught as part of compliance training manuals, ensuring everyone in the organization understands the benefits of addressing the objectives, and the risks in neglecting them.