For many businesses, the hardest part of information governance is flipping the switch when it comes to deletion. That’s not surprising, because there’s one driver of the keep-or-delete story that many organizations ignore.
Fundamentally, the decision about what to keep and what to delete is made more difficult by the inability to consistently assign value to content—a situation which only compounds overall risk exposure. When it comes to data, information, or files, an individual’s feelings of ownership are in many cases skewed for the simple reason that people place higher value on “their stuff” than that particular information may be worth to the organization. Keeping everything has a way of giving people that warm and fuzzy feeling.
The problem, of course, is that governance through inaction leads to more and more information being managed and to greater risk exposure. Not to mention there’s the potential for increased costs when it comes to litigation and infrastructure—and reduced employee productivity.
These are all concepts in the field of infonomics—which turns out to be quite relevant for organizations looking to derive real value from their information assets. (For more on the subject, take a look at the recent Gartner publication, Infonomics, by Douglas B. Laney. I heard Laney speak at last year’s Document Strategy Forum conference, and he validated many of my own ideas—not to mention my own experience with information owners.)
Accordingly, I propose that we treat Information Governance as we would an Economics 101 problem.
Here’s the proposition: Think about content as having supply and demand components. By analyzing the supply against the demand, we can use the intersection of the two curves as our decision point when it comes to deciding whether to retain or to delete a particular piece of information.
It works like this: Any content that falls on the left side of the intersection of the two curves is still inexpensive to keep. The information is still valuable, or low-risk, or falls within the organization’s existing retention schedules. That information should be kept.
Any content that falls to the right of the intersection is too expensive or too risky to keep. It’s outside the time constraints of the retention schedule, or it has no value and should be destroyed. Looking at the value of information means that a company’s decision either to keep or destroy content is simplified. It becomes much more black-and-white and objective, as opposed to complex, subjective, or emotional.
But while the supply-and-demand principle of information retention is simple, it does require some work to put into action. You’ll need to make some informed decisions based on an analysis of the content itself.
On the supply side, first take stock of the age and the volume of the content; this will help you determine the supply curve. As the age or volume of the content grows, the supply of overall content increases. I can tell you that without effective governance, the rate of growth increases almost uncontrollably.
Next, look at the demand curve. Understanding the need for the content through the respective lenses of users, regulators, or potential litigation will help you build the demand curve. This curve is built by recognizing that the demand for any single piece of content decreases over time and with the increase in overall supply of information.
Let’s look at another graph to help us visualize and make some assumptions for a real-world example. Let’s also list these assumptions. And let’s further assume that the content is both highly regulated and contains personally identifiable information (PII). It’s subject to audit.
Given these assumptions, the intersection of the two curves occurs sometime after 3 years, the time when users stop needing the content. At the 3-year mark, we know that demand is low, but risk exposure increases with regard to potential litigation and/or breach fines. At this point, it’s important to decide what to do with the data.
What if this is highly regulated content with a regulator-defined retention period? This would require a new demand curve: a compliance demand curve. Let’s say that the retention period for this industry is 10 years. With the new compliance demand curve, we also have a new intersection point at the 10-year mark that we can use to make our decision.
Using this approach and analysis allows us to offer solutions to multiple internal stakeholders and partners: internal security, IT, Legal, and the business itself. The first intersection point (3 years) is an excellent time to archive highly sensitive and expensive-to-maintain data, which should be moved to a secure, inexpensive archive solution. However, content that falls beyond the 10-year mark is subject to automatic deletion to comply with stated retention rules.
In my experience, if an organization takes a more analytical, objective approach, it’s possible to make consistent and defensible decisions. While there always will be work involved to get there, you can achieve greater success by taking a supply-and-demand, analytical approach for each repository you manage.
And if you’re looking for an approach to help you identify what to keep and what to delete, Doculabs can help. Check out our practices in Information Governance and Information Security, and see how we can work with you to take that more analytical, objective approach to information governance.