We all know that drawing conclusions from survey data can be misleading (after all, 90 or 95 percent of all statistics are made up on the fly), but the response to a recent question struck me as deserving further attention.
Doculabs recently partnered with EFM to develop a survey for its membership database, which is made up of IT leaders at organizations of all sizes from across all industries. The goal was to learn more about how firms are managing their core business applications and the data that resides in them.
The questions ranged the gamut from how they manage, pay for and cost their applications and storage, to what policies are in place for domains like information security and records management, whether they currently tier or purge data to whether they charge back the business for services.
We’re still digging into the results of the over 500 responses we received, but for now, I want to focus on one question, which said volumes about how folks are managing their structured data and applications (see Figure 1).
Looks Good at First Glance …
Figure 1: How Do You Purge Your Data Once It’s Passed Its Legal or Operational Life?
At first glance, the response to this question seems to paint a fairly rosy picture of structured data purging: fully 70 percent of respondents purge in some way shape or form, with 25 percent reporting that they don’t purge at al (5 percent were not sure whether they do or not). For all the keep everything forever, digital landfill doom and gloom we hear out there, this sounds pretty good.
That is, until you look at the nature of the purging going on. Only one-third of respondents reported doing regular purging, whether automated (21 percent) or manually (12 percent). The rest reported purging on an ad hoc basis, whether automated (10 percent) or manually (26 percent).
And That’s a Problem
For those of you with Records Management or e-discovery backgrounds, these percentages should give you pause. If you’re purging on anything other than a regular basis according to published policies and procedures, you’re not compliant, either with record keeping conventions or the ways judges have tended to interpret the Federal Rules of Civil Procedure (FRCP) to apply to corporations.
So what these numbers suggest is that two-thirds of respondents are not compliant with either record keeping conventions or the FRCP — a scary, scary number. The firms ranged in size from <1000 all the way up to >100,000, although the majority fell in the <1000 to 50,000 range (only two were >100,000). Responses came from all industries.
While I don’t want to extrapolate too much from one data point, these results suggest that the problem of over-retention or indefensible disposition is widespread. And don’t you think this merits a deeper look both by internal practitioners and thought leaders?
About the Author
Joe Shepley is a strategy consulting professional living and working in Chicago. In his current position as Vice President and Practice Leader at Doculabs he focuses on helping organizations improve how they manage information using technology and processes.
Want to learn more about Compliance and Compliant Security? Register TODAY to view our October 7th Webinar on “Achieving Compliant Security”