Are you disposing of your data correctly?

22 Aug, 2016

One of the British standards promotes secure destruction – but now it’s not just the secure destruction of paper facing companies.

Digital debris: how long should we store data for, and what type of data is most at risk?

Around the world, we create 2.5 quintillion bytes of data a day and this figure is rising. Whether on-site, off-site, in the cloud, large volumes of ‘big data’ are captured and stored.

Think about emails and attachments, CRM systems, text messages, log files, conference calls, social media – masses of data, that track not only workflows but online user habits as well.

Data is being generated all the time. Let’s take a look at how much data is generated every minute from social media alone (Source: Domo – Data Never Sleeps):

• Facebook users like 4,166,667 pieces of content
• Twitter users tweet 347,222 times
• YouTube users upload 300 hours of new video

But what about the data in my business?

The dangers and consequences of storing various types of data are still apparent for small businesses. If you were to suffer a breach – what information could be accessed or compromised?

What potentially sensitive data do I keep that might have expired?

With data debris the key is to work out what is adding value to your business and what is simply being stored for the sake of it. Most businesses with keep information about ex-employees, might misfile documents, create draft or multiple copies and even forget about potentially sensitive information stored on legacy systems.

You might find you still need to hold some data by law or a legal requirement and disposing of useful data too soon could have a negative impact to the business. However, some of this data might pose a danger to many small to medium businesses if not destroyed or securely stored.

Information Governance

Information Governance looks at process and procedures in place to manage information and data capture within an organisation. Another element is analysing how best to create value from this information and reduce any risk the information might pose.

Creating a data retention policy

Active data management looks at expired data as having less value, but increased security risk. Having a data retention policy in your business allows you to regularly review the data it holds, review the length of time it is held for and how to approach data archiving and then disposal.

By disposing of old data you can focus on extrapolating more useful data for analytics and business use. Furthermore, you can improve the performance of IT systems, reduce costs, further develop your infrastructure, improve risk management and increase security and privacy assurance for customers and staff.

For more information take a look at the ICO’s advise for disposing of personal data or review the Government’s Data Protection rules.

Sources: ICO, EDRM – Disposing of Digital Debris, ActOn