
Understanding what your organization is working with through mapping and classification of your data is the first step. So it's time to get a handle on this "dark data".

Implementing Data Retention Best Practices

With new data regulations appearing (GDPR, CCPA, etc.), removing specific data over time is also necessary to maintain compliance. Dark data also presents risks beyond just unnecessary costs. While regulatory compliance is often cited as the reason for dark data, the truth is that an overabundance of dark data may be caused by data mismanagement, poor communication, or a data-hoarding mindset. In a survey of corporate CIOs and general counsels conducted at the Compliance, Governance and Oversight Council (CGOC) summit, it was found that 69 percent of all the data collected and maintained by most organizations had no business, legal or regulatory value at all. It may create unnecessary costs in terms of resources that could be better focused in more important areas. It's generally unseen by users as it may be unstructured and disorganized. The exponential growth of data collection has created a problem as a vast majority of data (dubbed "dark data") sits unused. Yet a surprisingly small percentage of this data is considered business critical.

According to an Information Systems Audit and Control Association (ISACA) journal article by Lorrie Luellig, J.D., and Jake Frazier from IBM, “A lack of insight into what information needs to be kept, has led many organizations to accumulate mountains of electronically generated debris in the form of excess applications, servers, storage and backup tapes that no longer have any utility.”

69% of Data Collected Has Little or No Value

According to a recent IDC report, the amount of data stored globally is doubling every four years. Today, it is important for organizations to remember not to store data longer than is required.

Understand your legal requirements (HIPAA, PCI DSS, GDPR, CCPA, FERPA, etc.)

Data retention refers to your company's policy regarding how long data will be stored and/or archived, and when it will be removed once no longer required, in order to meet legal, operational and regulatory compliance.


And while data protection laws often dictate what data must be kept and for how long, they also often require businesses to remove specific data after a certain period of time. Data which contains private customer information (such as PHI) may require special treatment when it comes to retention. Understanding what type of data you are collecting, how frequently it is being accessed, and how long you must keep it are the basic elements of knowledge required to develop a data retention strategy for your business. Data grows at an astronomical rate and, if not properly managed, can carry a hefty price tag for your company in terms of storage, management and liability.
