IT Today Catalog Auerbach Publications ITKnowledgebase IT Today Archives Book Proposal Guidelines IT Today Catalog Auerbach Publications ITKnowledgebase IT Today Archives Book Proposal Guidelines
IT Today is brought to you by Auerbach Publications

IT Performance Improvement



Networking and Telecommunications

Software Engineering

Project Management


Share This Article

Free Subscription to IT Today

Powered by VerticalResponse

Cloud Computing Strategies
Implementing the Project Management Balanced Scorecard
Process-Centric Architecture for Enterprise Software Systems
Mobile Device Security: A Comprehensive Guide to Securing Your Information in a Moving World
Project Management Tools and Techniques for Success
Implementing Electronic Document and Record Management Systems
Healthcare Informatics: Improving Efficiency and Productivity

When It Comes to What to Keep and What to Dispose, You're Giving Your IT Team a Billion Choices

by Deidre Paknad

We all know that data not subject to legal or regulatory requirement and without any business value should be disposed. It's getting more important every day:

  • 40% or more of corporate data is not subject to a specific legal duty and has no business value
  • Corporate data volume grew by about 50% last year, budgets grew by 0%
  • IT spend averages 3.5% of revenues - data management is not cheap (Gartner)
  • IDC predicts data will grow by a factor of 44 in the next 10 years

The bottom line is companies that can and do dispose of unnecessary information return more profit to shareholders and can use their IT budgets for strategic investments rather than waste management.

Defensible disposal is certainly worth doing, but most companies give IT a billion choices to make to determine what can safely be disposed. And that's why nothing gets disposed.

Most companies have:

  • 100 to 15,000 matters and legal holds
  • 300 to 3,000 record classes
  • 1,000 to 15,000 regulations that mandate specific record keeping
  • 1,000 to 50,000 file shares, SharePoint sites, ECM systems and applications
  • 2,000 to 40,000 departments of people working on specific business functions
  • 10,000 to 1 million employees
  • 3 to 130 countries in which they operate

To make a point, let's take the smallest of these companies and ask what IT would need to know to dispose of data defensibly: which of 100 legal holds and 300 record categories apply to which of 10,000 people working in which of 2,000 departments whose data is located in which of 1,000 servers or apps. That's a billion potential combinations of legal obligation or business value applicable to any one person and information source. This, of course, is why most IT organizations haven't been able to confidently dispose of data for years and why routine disposition is so difficult. It's guess work or it's leg work -- but it's not reliable work.

We do legal holds and records management, so where is the breakdown?
Many companies lack systematic linkage and transparency between the people who determine the legal obligations, the people who determine value, and the people who manage the information. (This is what the IMRM points out; see

In addition to the lack of connectivity and transparency, the form of legal hold and form of retention schedule are often part of the problem as well. Legal holds are described by the custodians involved; retention schedules by the business function and record class. Neither tie to information sources. Often, the form of retention schedule was never modernized from its application to paper records in a single location, and it is so generalized that it cannot be reliably applied by people who manage electronic information in multiple sources, which may or may not be records but need to be disposed nonetheless. Some legal departments choose to manage legal holds as simple email notification, ignoring the thousands of employees in IT involved in managing the data (and the risk this represents). I still see companies where no one in the legal department knows definitively who is on hold, so it's impossible for IT to know. For IT there isn't enough specificity to consistently and confidently execute, so they keep everything.

If we index it all, won't that tell us what to do?
In a word, no. Searching and indexing five petabytes of data will not tell you what's on hold, what's of value and what's subject to regulatory obligations. Although it may take weeks or months to index it all, it will not solve for the billion potential combinations of legal obligation, business value and information source. The obligation and value of information are not determined by their text content but rather by business people making systematic, informed business decisions. Presenting them with an index of petabytes of data and asking them to make retrospective business decisions is a non-starter.

So how do you achieve defensible disposal?
The four corners of defensible disposal best practice:

  1. Systematically link the business processes in legal, RIM and IT to provide structural collaboration and transparency; workflow and automated collaboration rather than conference room collaboration.
  2. Modernize the RIM program and conduct a systematic information inventory that captures value, local terminology, and points to the many disparate locations where information is stored in a structured application shared with legal and IT, rather than the spreadsheets or access databases typically used in schedule refresh work.
  3. Treat legal holds as an enterprise function where people, records, information categories and sources are properly identified and the hold is transparent to stakeholders rather than as legal department issue myopically focused on notices going out but leaving IT is on its own.
  4. Ensure that IT can determine in their terms and with little or no interpretation who and what is on hold, what is of value and what is subject to regulatory obligation rather than guessing or assuming that all information has the same value or is subject to the same obligations.

Information Governance (IG) application software can push hold, collection, retention and classification instructions to search tools and repositories and provides IT with truly actionable procedures per data source. Sophisticated search tools can then readily determine which of the small set of record categories and policies and legal holds apply to a single, specific department, data source or individual.Smart repositories can then execute the instructions applicable to the data they contain. This increases infrastructure value, reduces their cost of deployment and improves results for users.

More importantly, IG application software and the linkages it provides enable IT to defensibly dispose of data without duties or value. It will help legal accelerate discovery and defend their process as equal beneficiaries of the information inventory and transparency into the business and IT. It will ensure that the business gets smaller bills from IT and smaller bills from legal, and they will be able to find what they value without wading through garbage first.

To quote Peter Drucker, innovators address what is visible but not seen. Massive data accumulation happens when IT can't easily determine what's subject to obligation and what's of value. Make it easy to determine by adding application software to your Information Governance Program.

About the Author

Deidre Paknad, is the Founder of CGOC, and President and CEO of PSS Systems. Deidre is a seasoned entrepreneur and executive with 20 years' experience applying technology to poor functioning business processes to reduce cost and risk. Prior to PSS, she helped Certus launch its Sarbanes Oxley software solution. Deidre previously founded and was CEO of CoVia Technologies from 1996 to 2000, where she was inducted into the Smithsonian Institution for innovation in 1999 and again in 2000. She held operations and marketing management posts at Altera Corporation, Consilium (acquired by Applied Materials) and Zinka over the course of her career.

© Copyright 2010 Auerbach Publications