@CloudExpo Authors: Zakia Bouachraoui, Elizabeth White, Liz McMillan, Pat Romanski, Roger Strukhoff

Related Topics: @CloudExpo, Cloud Security, @DXWorldExpo

@CloudExpo: Article

Information Governance By @TeresaSchoch | @CloudExpo #Cloud #BigData #IoT

Rethinking the value of information retention

Information Governance and the Cloud

Too many multinational corporations delete little, if any, data even though at its creation, more than 70 percent of this data is useless for business, regulatory or legal reasons.[1] The problem is hoarding, and what businesses need is their own "Hoarders" reality show about people whose lives are driven by their stuff[2] (corporations are legally people, after all). The goal of such an intervention (and this article)? Turning hoarders into collectors.

In 2013, hoarding was officially recognized as a psychological disorder. According to the Mayo Clinic[3], the hoarding disorder affects emotions, thoughts and behavior. The signs and symptoms can include the inability to part with any possession, regardless of its value; excessive attachment to possessions, including distress at the idea of letting an item go; cluttered living spaces, making areas of the home unusable for their intended purpose; keeping stacks of newspapers, magazines or junk mail; moving items from one pile to another, without discarding anything; difficulty managing daily activities because of procrastination and trouble making decisions; difficulty organizing items and losing important items in the clutter; and more.

Hoarders typically save items because they believe the items will be of value in the future, they feel safe when surrounded by the things they save, or all the items have important emotional significance.

The Mayo Clinic also distinguishes between hoarders and collectors. Unlike hoarders, collectors (for stamps or model cars, for example) deliberately search out specific items. They categorize and carefully display their collections. Even if the collections are large, they typically don't cause the distress and impairment associated with hoarding.

As a consultant, I have worked with the largest of multinationals where the retention policy is simple, "we keep it all." In essence, they keep the junk mail, the piles of newspapers, and data clutter to the point of hindering their ability to manage daily activities. Whether the data announces a past picnic or delineates a business plan does not matter. The justification will inevitably include the excuse that attorneys are fearful of litigation or bureaucratic sanctions because the items might be needed or valuable in the future. Yet while these businesses may succeed in avoiding sanctions for an inability to produce evidence, e-discovery budgets in these careful companies are growing into the millions. In addition, these businesses face tremendous information storage costs and are at risk of violating new regulations requiring the deletion of private information.

All this while strategic plans for creating valuable collections of information to address business and legal needs quickly, effectively and at less cost are often shelved.

Just Keep It All? Or Defensibly Dispose
Microsoft 365 recently set its email retention default to "forever." Some in the information governance (IG) community argue that the governance of how and for what purpose email is used should be the focus of IG using rapidly evolving data analytics software rather than deleting it when it no longer has value. As storing information in the cloud becomes less and less expensive, there will be increased incentive to continue to keep it all, with the "long tail" feeling lighter through offloading regardless of the content's value. Like personal storage units, another business steadily increasing globally, the stuff can be moved out of sight, and in most instances out of mind. The monthly expenditure becomes a steady outflow as a cost for peace of mind without further rational analysis.

In fact, recent conferences in the IG field have advanced the idea that we should be content with the "keep it all" mentality (albeit with some vaguely addressed level of strategic deletion of potentially damaging content, such as Personally Identifiable Information). What is behind the current movement toward simply migrating massive amounts of data, often of unknown origins, to the cloud? Is it driven by those giving up because of the dizzying growth of information? Are those who have devoted years working to convince organizations to limit risks associated with "keeping it all" finally accepting the fact that it is simply not going to happen? Is it a reaction to the future when the Internet of Things (IoT) will be so pervasive that information growth will dwarf our current sense of control?

Do the math. Where is the return on investment in IG? What are the odds of a lawsuit or breach that will cost as much as organizing our data content and getting our house in order?

The amount of information being captured and stored by individuals, organizations and governments is mind-numbing. The fact that as of 2013, 90 percent of existent data had been created during the previous two years has perhaps pushed us to a mental tipping point where rationality is no longer expected.[4]

The only sensible response to all this is defensible deletion, and I base this claim on personal experience. I have witnessed mind-numbing e-discovery projects that were so costly that some companies did not survive. I have seen companies burned by court-imposed sanctions when they could not produce evidence that they thought they had but could not find. I have counseled companies that could not find the information they needed to streamline their business operations and make clear business decisions because they were surrounded by more information debris than useful content. I understand what will happen to companies that keep it all and then get hacked and are required to notify every impacted person or organization of what the reckless maintenance of private information has caused. And defensible deletion continues to be the recommendation of the CGOC (Compliance, Governance and Oversight Council).

The cost of compliance is still lower than potential governmental penalties, personal damages for privacy breaches, and court sanctions, and we must stop looking for quick returns on investments where we should be assessing costs of inaction.

The Future is Not Now
Perhaps in the future, information mapping and data analytics will be so sublime that all relevant information in a lawsuit will be retrievable quickly and accurately. But that would mean that potentially damning evidence that can be used against the organization will also be easily retrieved. I suppose that same amazing technology would also be able to locate all of the necessary information for data breach notification as well, but damages incurred by the organization would grow with every successfully retrieved record, regardless of its current value to the organization.

While it's true that in the near term focusing only on return on investment in cloud-based storage can reduce costs, improve balance sheets, and clear out clutter, what is the business model behind this approach? While storage costs might be fairly low now, organizations have no control over what these storage providers will charge for access to information later using the analytics they provide. Just ask attorneys about hostage fees associated with the storage of paper.[5] The first year or two, law firms paid little if anything for storage, but over time, costs associated with the return of the information became so high that there was no motivation to remove it.

No one likes dealing with what we have generated in the past while we are trying to move forward. We would rather pay to delay laborious decision making without really assessing the true cost of our inaction. We fall for low upfront costs figuring we will get around to solving the problem before those costs balloon. But we do this at our peril.

Evolution: From Hoarders to Collectors
It is simply not in our nature to organize all the stuff we are moving to offsite storage when it has become too much of a nuisance to maintain in our space. If we have decided we don't want to see it every day, we certainly don't want to spend time dealing with it. But if we become collectors of that which is truly valuable to us, it's possible we would never need to rely on cloud storage. Still, if cloud storage is in our future, we need to approach it intelligently and rationally, rather than with the reckless disregard of the hoarder.

Attorneys and C-level executives would do well to understand that there might be no organization to protect against risk if they continue hoarding. They need to prepare themselves to defend against any unreasonableness on the part of the company and take the action necessary to hone in on deletion of information that is no longer required for business purposes, is not regulated, and is not likely evidentiary. They need to communicate with IT about what needs to be maintained and what can be deleted. IT needs to wrap its head around the economics of business continuation and aid attorneys by ensuring that disposable efforts are reasonable, methodical, and auditable. Thinking like collectors is more likely to keep the company's head out of the clouds and ensure the long-term survival of the business.


1. See Paknad, Deidra," Information Economics: Developing a Strategy for Reducing Information Risk", Corporate Compliance Insights, August 5, 2013.

2. IBIS World predicts self-storage revenue in the U.S. will reach:

  • $28.2 billion in 2015 (up from $28.1 billion in 2014)
  • $29 billion in 2016
  • $29.5 billion in 2017
  • $30.5 billion in 2018
  • $31.5 billion in 2019
  • $32.6 billion in 2020

Egan, John, "Forecasts: Self Storage's Surprising Space," August 21,2015

See also Vanderbilt, Tom, "Self-Storage Nation

Kehoe, Todd "Off the List: Self Storage's Surprising Space."
Kehoe points out that all of the people currently in the U,S. could fit into  U.S. personal storage units

3. http://www.mayoclinic.org/diseases-conditions/hoarding-disorder/basics/definition/con-20031337

4. Science News, "Big Data, for better or worse: 90% of world's data generated over last two years."

5. See Schoch, Teresa, "Attorneys Held Hostage", New York Legal Admin. J., 2011.

More Stories By Teresa Schoch

Teresa Pritchard Schoch is Associate Director at Berkeley Research Group, LLC, and a Member of CGOC. She is a recognized expert in information retrieval software, global privacy law and management, records and document management, and information governance. Her diverse experience includes the practice of law, law-firm information management, e-discovery management, and team building within corporations and law firms. She has provided records, privacy and e-discovery management and information governance consulting to national law firms and global corporations, and disaster recovery management consulting for the federal government.

Teresa has several current certifications, including certified records manager, certified information privacy professional, informational governance professional, electronic records master’s certification, and others.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.

CloudEXPO Stories
The precious oil is extracted from the seeds of prickly pear cactus plant. After taking out the seeds from the fruits, they are adequately dried and then cold pressed to obtain the oil. Indeed, the prickly seed oil is quite expensive. Well, that is understandable when you consider the fact that the seeds are really tiny and each seed contain only about 5% of oil in it at most, plus the seeds are usually handpicked from the fruits. This means it will take tons of these seeds to produce just one bottle of the oil for commercial purpose. But from its medical properties to its culinary importance, skin lightening, moisturizing, and protection abilities, down to its extraordinary hair care properties, prickly seed oil has got lots of excellent rewards for anyone who pays the price.
The platform combines the strengths of Singtel's extensive, intelligent network capabilities with Microsoft's cloud expertise to create a unique solution that sets new standards for IoT applications," said Mr Diomedes Kastanis, Head of IoT at Singtel. "Our solution provides speed, transparency and flexibility, paving the way for a more pervasive use of IoT to accelerate enterprises' digitalisation efforts. AI-powered intelligent connectivity over Microsoft Azure will be the fastest connected path for IoT innovators to scale globally, and the smartest path to cross-device synergy in an instrumented, connected world.
There are many examples of disruption in consumer space – Uber disrupting the cab industry, Airbnb disrupting the hospitality industry and so on; but have you wondered who is disrupting support and operations? AISERA helps make businesses and customers successful by offering consumer-like user experience for support and operations. We have built the world’s first AI-driven IT / HR / Cloud / Customer Support and Operations solution.
ScaleMP is presenting at CloudEXPO 2019, held June 24-26 in Santa Clara, and we’d love to see you there. At the conference, we’ll demonstrate how ScaleMP is solving one of the most vexing challenges for cloud — memory cost and limit of scale — and how our innovative vSMP MemoryONE solution provides affordable larger server memory for the private and public cloud. Please visit us at Booth No. 519 to connect with our experts and learn more about vSMP MemoryONE and how it is already serving some of the world’s largest data centers. Click here to schedule a meeting with our experts and executives.
Darktrace is the world's leading AI company for cyber security. Created by mathematicians from the University of Cambridge, Darktrace's Enterprise Immune System is the first non-consumer application of machine learning to work at scale, across all network types, from physical, virtualized, and cloud, through to IoT and industrial control systems. Installed as a self-configuring cyber defense platform, Darktrace continuously learns what is ‘normal' for all devices and users, updating its understanding as the environment changes.