Retention practices are not meeting beliefs
This is a continuing trend - last year's survey showed that despite stated beliefs about what information to retain; real-life practices differed significantly. This year was little different. For example, 81 percent believe that deleting certain information regularly is part of an effective plan, compared to 79 percent last year. On the other hand, 42 percent of backups are kept indefinitely, which is actually a slight increase from 40 percent last year. This is particularly significant in situations when the legal requirement to hold on to certain files has passed, and holding on to the files further can be detrimental in case of legal proceedings, as they must still be produced if they are in the organisation's possession. Other challenges caused by storing too much information include higher costs and more time required for reviewing information, and a higher overall risk of confidential information exposure. The survey also found that even when files are deleted; it is often done without reference to actual information retention policies.
Legal hold is also affected by the kind of storage being used to preserve information. Unlike backups, archives are designed to be easily searched, but more than half of respondents (56 percent) indicated that they are using backups for indefinite storage, up significantly from last year. And the vast majority of businesses (85 percent) are using backups for legal hold, which makes it more complex to access files needed. This is even more serious considering that 34 percent of information is actually unnecessary to keep because of the legal risks it poses.
New laws and regulations are affecting businesses
The vast increase of information - and ways to share it - has led to increasingly strict and complex information security laws. Just over half of organisations say this is having an effect on their ability to archive data and produce it for eDiscovery needs. They now report collecting electronic information for litigation needs, internal investigations and compliance, as well as local and international laws and regulations.
Making information retention work for you
An effective information retention plan begins with a defensible mindset, allowing files to be deleted in accordance with polices to reduce total storage and eliminate unnecessary risks. A plan should begin with a few select policies such as removing files that are obviously not needed, and a sensible retention period. More policies can be added as the plan is refined.
Technology can help simplify retention through automation, providing consistent application of policies and keeping files more secure. A unified eDiscovery solution may also be appropriate, one which prioritises the legal hold process to override file deletions that can cause potential litigation concerns. Finally, businesses should implement an archiving solution to handle eDiscovery requests. This improves responsiveness to requests and greatly simplifies the search process. Deploying the right solution in conjunction with the proper policies applied throughout the organisation can help businesses deal with the overwhelming amount of information they are creating, and improve their legal position. Again, let your information work for you, and not against you.
Tan Yuh Woei is Country Director, Symantec Singapore.
Sign up for CIO Asia eNewsletters.