The Case for Data Destruction (and Why Data Retention Mandates Would Make it Impossible)

by on February 25, 2009 · 6 comments

Over at Computerworld, Ben Rothke makes the case for “Why Information Must Be Destroyed.”  “Given the vast amount of paper and digital media that amasses over time,” he argues, “effective information destruction policies and practices are now a necessary part of doing business and will likely save organizations time, effort and heartache, legal costs as well as embarrassment and more.”  He continues:

Every organization has data that needs to be destroyed. Besides taxes, what unites every business is that they possess highly sensitive information that should not be seen by unauthorized persons.  While some documents can be destroyed minutes after printing, regulations may require others to be archived from a few years to permanently.  But between these two ends of the scale, your organization can potentially have a large volume of hard copy data occupying space as a liability, both from a legal and information security perspective.  Depending on how long you’ve been in business, the number of physical sites and the number of people you employ, it’s possible to have hundreds of thousands, if not millions, of pages of hard copy stored throughout your company — much of which is confidential data that can be destroyed.

He’s no doubt correct that it makes good business sense to routinely purge data — both physical and digital — to guard against theft, misplacement, leaks, abuse, or whatever else.  Of course, in the context of digital information, there are many folks who would like to see digital records purged more frequently to avoid growing concerns about online privacy.  I think most of those concerns are over-stated, but it can’t hurt to destroy most collected information after a certain period to play it safe and keep customers happy.

Problem is, as we discussed here last week, if some lawmakers in Washington get their way, it might be illegal to do that!  Quite obviously, data retention mandates are at odds with data destruction efforts.  [Mitch Wagner has more coverage of the data retention debate over at Information Week and he quotes my PFF colleague Sid Rosenzweig.]

Previous post:

Next post: