Over the years, general counsels (GCs) have been reluctant to dispose of the growing masses of unstructured data that have accumulated across the enterprise for fear of inadvertently deleting data that should have been protected for current or anticipated litigation. After all, they know that an inadvertent deletion can cause a spoliation charge, triggering an adverse inference instruction and even causing loss of a case.
This risk aversion means that the regular disposal of inactive and valueless data has not been a priority for many organizations. Others, meanwhile, have been championing the concept of defensible deletion as a process to dispose of data in a legally defensible manner.
Also known as defensible disposition or defensible disposal, defensible deletion is the process — manual or automated — of disposing of valueless, unneeded data in a way that will stand up in court as reasonable and consistent.
The challenge of disposing the huge and growing accumulations of unneeded data remains how to determine, first, that it’s not needed in current or anticipated litigation (or for compliance) and, second, that it actually is valueless to both the company and the employee and therefore a candidate for deletion.
Because of the huge volumes of data being created by and flowing into the enterprise, many employees simply don’t have the time to make informed decisions about the status of individual files. Nor has automation offered low enough error rates for GCs and CIOs.
With the advent of secure cloud storage and its plummeting cost compared to enterprise storage, many have fallen back on the strategy of simply keeping everything. But is this the correct strategy?
Keeping too much data raises another expensive eDiscovery problem. All GCs know this basic legal truth: If data exists, it can be discovered, raising the cost of eDiscovery dramatically. Keeping everything also makes it harder and more expensive to actually find data when it’s needed.
To stay ahead of the defensible deletion process, organizations should look at adopting several tools. First, it’s important to create and maintain an information management schedule. This is really a records retention schedule that includes guidelines for non-records as well.
Second, organizations might consider having all employees save content to their local or cloud share drive folders (or to a cloud folder the organization has administrative rights to) instead of saving locally, so that aging and inactive files can be disposed of by a central management function. This practice also helps in eDiscovery.
In the future, predictive categorization and machine learning could completely automate defensible deletion. Until then, however, keeping everything is at best a questionable strategy.