Data disposal: The security element companies can’t afford to forget

Let’s say your organization recently decided to increase its focus on data security. Your team is tired of reading headlines about breaches and data theft incidents, and your company doesn’t want to become another statistic. While there’s much to keep in mind as you outline and implement a data protection plan, there are a few themes that are commonly present among companies that effectively manage their data:

  • IT and security teams work together to understand and protect data. No matter your position within your organization, it’s no longer sufficient to feign ignorance or claim that data security isn’t in your job description.
  • Security starts at the data level – specifically, with knowing what you’re storing, how it’s being used and whether it’s providing value.
  • If you’re storing data indefinitely without a plan to archive or safely dispose of it, security risks will dramatically increase.

Each of these elements is critical to upholding data security, but data disposal practices often fly under the radar – or worse, they’re left out completely. For the same reason you probably shred confidential documents before throwing them away, your organization should take into account that deleting information won’t necessarily scrub it from existence – nor will it excuse your company’s involvement if that information resurfaces and sparks a security incident. However, as unstructured data volumes grow up to 80 percent each year, data management and disposal can feel like overwhelming tasks.

To safely delete data while preserving critical information, below are three priorities for your team to adopt:

  • Find out what you need to keep, what you should delete, and what you can archive. Search and filter your data using strategic keywords to sort information by topics, classification tags, file types, time frames and locations. Once your information is organized, you’ll have a clearer view of what should be done with it.
  • Look out for liabilities and legal risks. Legal issues regarding archived or deleted information can surface years after a file or folder has exited your list of priorities. Audit your data for compliance and security violations, then use your newfound perspective to make informed decisions about what to delete, what to archive with increased security, and how to dispose of certain files.
  • Automate data governance. With automatic, periodic audits and reports as part of your company’s data governance and security plans, you’ll unearth dormant data and enforce compliance policies without having to add yet another item to your monthly to-do list.

Data management doesn’t have to be a chore – but recovering from a security incident spurred by lagging disposal and governance policies is usually expensive and tedious. According to EDRM, part of the Duke Law Center for Judicial Studies, more than 50 percent of the data most companies are storing has no legal, business or regulatory value. Rather than letting this excess data weigh your organization down, implementing smart policies and frequent auditing can help your team get ahead of the curve and make better use of its critical information.

What’s lurking in your data? Request a free assessment to find out.

  Like This
Andrew Hay

Andrew Hay

With over 15 years of data security experience in various roles inside organizations as well as advising them, Andrew serves as the chief information security officer at DataGravity. He is responsible for the development and delivery of the company’s comprehensive data security strategy. Prior to DataGravity, Andrew was the director of research at OpenDNS (acquired by Cisco) and the director of applied security research and chief evangelist at CloudPassage.