Over the last few years, we’ve reached a tipping point in terms of the need to gain centralized oversight over our data. We are besieged by breach and bad actor events, our data is halfway between the data center, the cloud, and our pandemic work from home environment, bad leavers are everywhere, shadow IT lurks in every corner, crown jewel and credit card information hides in home directories, and every month new international and state by state regulations emerge to force us to account for all of our data, especially personal.

Data has been piling up in corporations since the Zubulake days twenty years ago, when corporations became reluctant to dispose of ANY data. Warehouses are full of old backup tapes, business records are dispersed within massive email message stores, former employee data is everywhere and nowhere, numerous systems have been retired but still sit on the premises, and the company has been through multiple M&A transactions and inherited scads of unknown data.

All of these factors create headaches for e-discovery, risk, operations, records retention, compliance, investigations, migrations, cyber-insurance, and mergers.  So what’s a forward-looking corporation to do? 

Steps to take to enter the new year with a fresh sense of purpose and “data awareness"

  • Start by reviewing the (often outdated) policies that are the “engine” behind the corporation’s processes and technology, including records retention, records classification, legal hold, employee handbook, former employee, acceptable use, and security policy.
  • Initiate the process a creating a central catalogue of data and applications in the company, including what division, office, and department owns and manages them.  This would include structured and unstructured data, cloud-based and on-premises applications and data sources, those managed by third parties, archive and backup, and data not centrally managed, such as in workgroups, SharePoints, home directories, shared directories, and collaborative systems.
    • These days, a sharp look at the corporations involvement in social media and its use of real-time messaging present fresh headaches.  Finally, “shadow IT” presents a growing problem as users with legitimate but unmet business needs take data management matters into their own hands.
  • Create a working group of representatives and stakeholders from across the business, various departments (e.g., marketing, finance, supply chain, R&D, etc.) along with legal, information technology, risk, and compliance.  Working together will also break down some of those ownership barriers that prevent a unified view of the organization’s data.
  • Define a data disposition plan to identify redundant, obsolete and trivial data (e.g., ROT).  Remember that identifying the data is only half the battle – “it take a village” to authorize it to go away forever.
  • Develop a “go-forward” data classification structure that will assist in putting guardrails around all of the unstructured, unmanaged, potentially sensitive information in a way that doesn’t burden the user.

How Can We Help?

Our team can assist with policy review and definition, building an “evergreen” catalogue of data across the organization, sampling the network for sensitive or expired information, preparing for a cloud migration, implementing an effective legal hold program, and building plans to disposition and catalogue your data, including the inevitable legal hold backlog.

Other Best Practices