Reality television shows like “Britain’s Biggest Hoarders” and “Hoarders” in the US examine individuals who experience acute distress at the idea of throwing things away. Extreme examples from the US show include a man who saved every single copy of National Geographic ever printed and a woman who could not part with a collection of more than 50,000 dolls. Such hoarding invariably wreaks obvious havoc on the lives of those who suffer from it.
Large organisations are also susceptible to this phenomenon, but instead of cats and magazines, they hoard data. And while the hardship endured may be less obvious, it is nevertheless quite real and can have a major impact on a company’s bottom line.
A symptom of the malady is a tendency on the part of organisations to treat all data equally, that is, as if it is of equal business value, carries the same level of legal and compliance risk, and is worth whatever it costs to keep it. The immediate effect of this is a psychological paralysis.
The organisation is unable to delete data of any kind. And the long-term prognosis is ever-increasing cost and risk—along with lower productivity because over time employees lose the ability to find, use and protect what is actually valuable to the organisation.
The economic consequences of hoarding are staggering. Today, many large organisations manage a few petabytes to a few hundred petabytes of data. According to “Gartner IT Key Metrics Data”, the total cost of storing and managing one petabyte of information is nearly US $5 million per year.
Meanwhile, according to the Compliance Governance and Oversight Council (CGOC) the amount of data organisations could defensibly dispose of is nearly 70%. A survey of CGOC members revealed that only about 6% of data is subject to legal hold and regulatory obligations, 1% and 5% respectively, with 25% having current business value.
This means that only about 31% of all information currently being stored actually needs to be kept. To be safe, let’s round up to 40%, but that still means that 60% of corporate data is of no value and carries no obligation.
What an opportunity! In a company with just 1 petabyte of target-rich data, as much as 600 terabytes of data could be disposed of—potentially reducing costs of up to US $3 million per year. Consider where this money could be invested. If a knowledge worker costs a company an average of US $120,000 per year ($100,000 salary and $20,000 in overhead), then 600 terabytes of waste represents 25 full-time positions!
In case you think this analysis is too simple, that there must be more complex risk elements in the law, I would agree that in some cases there is. For example, businesses in highly regulated industries may be required to retain more data types for longer periods of time. But this changes the analysis only by a few percentage points.
Besides, regulation is increasingly on the side of proper disposal. Privacy directives in the EU and other states typically contain a “purpose of use” limitation that dictates that an organisation may keep private or confidential information only for the time period that matches its purpose of use.
In the United States, HIPPA, GLBA, and scores of other regulations carry similar privacy limitations. And in February of 2012, the White House released “Consumer Data Privacy in a Networked World: A Framework for Protecting Privacy and Promoting Innovation in the Global Digital Economy“, which states:
“Companies should securely dispose of or de-identify personal data once they no longer need it, unless they are under a legal obligation to do otherwise”.
Organisations suffering from hoarding must face this painful truth. They will eventually be in direct or indirect conflict with privacy regulations. Only by disposing of information once it is no longer needed can the risk of a violation be reduced.
How can an organisation cure itself of hoarding? In the television shows, the social workers and law enforcement personnel have the advantage of having only one person to convince. A large organisation has many stakeholders, including the legal department, the records and information management or compliance department, the privacy and security department, business users, and IT.
But once these groups join forces, they can spearhead the development of an information lifecycle governance (ILG) program that can enable the defensible disposal of valueless information, or “data debris”.
Because of the scale of data collection today, the adverse effects of data hoarding are impacting the boardroom, the earnings per share section of the income statement, and even the employment market. But there is an antidote. By implementing a robust program for information governance, organisations can defensibly dispose of unnecessary data and lead a more productive life.