What Data Do You Store?

dumpsterI’ve read several blogs this year by Isaac Sacolik who has coined the phrase ‘dark data’ to describe anything retained by a company that is not a part of the day-to-day operations. In the old days this data would have consisted of the old paperwork that companies kept in file cabinets. But today, since everything is now electronic, companies can amass a mountain of emails, text messages, IMs, spreadsheets, word document, pictures and all other sorts of information.

I know in the old paper days that once a year I made all my employees take a few hours after New Year and toss out older paperwork. I refused to allow a proliferation of filing cabinets and we rarely kept anything more than a few years old. So each year I dealt with old data by tossing anything that was more than 3 – 4 years old.

But everything has changed today. It’s not unusual for companies to have computer systems or cloud systems that capture electronic information which might be kept forever if there isn’t a specific policy or plan to get rid of it. Storage is getting so cheap that it’s tempting to just keep everything.

But Mr. Sacolik points out that dark data can be a potential source of value to a company but is more likely to be a threat. Every day we read about companies getting hacked and records being copied and the big problem with dark data is that you probably don’t even know what it contains.

In the old days there was less risk of something really damaging being kept because the process of having to explicitly write and type memos meant that somebody had to go out of their way to put something damaging in writing. But it still happened. I remember being a witness in a lawsuit against one of the RBOCs where the normal legal discover process uncovered an internal memo where a VP said they wanted to put the plaintiff out of business. That smoking gun meant game over in the legal process.

But today, because everybody can write emails there is a much larger change that employees are saying things that you would not want to see the light of day. And it’s likely that unless you get into a lawsuit and you look at emails that you even know that damaging emails exist. The dark data you are keeping might detail illegal or unethical activities, embarrassing employee behavior or details about trade secrets that you would never want to see published.

While discover in a lawsuit could be damaging, the real danger comes from being hacked or from actions taken by a disgruntled employee. One would have to assume that somebody that hacks a company will have no compunction against using whatever they find for financial gain. There are likely many things in your email records that could either harm you or help a competitor.

The obvious answer to this issue is to have a policy to deal with data retention, and then to enforce it. That is not always as easy as it sounds because there are often many unofficial copies of dark data and you can’t assume that the copies on your corporate storage are the only copies of data that exist. Employees make copies of data on computers. And there are files stored with off-line storage devices and even on myriad thumbnail drives. The biggest problem with electronic data is that it’s so portable.

But there are steps you can take. Certainly there are tactics that can help protect you from being hacked. This starts with not putting really sensitive data onto public storage. But it also means taking basic precautions like always using encryption in both storing and transmitting data outside the company.

But perhaps the best precaution of all is to have a policy to get rid of old things. Every company has packrats who never want to get rid of anything. But if you believe there is value in your dark data one has to wonder why you aren’t mining that value. The chance are that you are going to be better off by getting rid of old data. There are restrictions of course. There are IRS rules for the retention of financial data and you may have contractual requirements, particularly if you work for government entities that require you to keep specific data. But the vast majority of the things you keep have little or no positive value and at least some of it can be damaging. So get out the electronic dumpster periodically and toss things away.

Leave a Reply