When Data Retention Is a Bad Idea

An article by Russ Cooper has recently appeared on mcpmag.com: “Companies keep more and more business data in electronic form as the cost of storage drops and regulations like Sarbanes-Oxley require companies to preserve data for legal and accounting purposes”.

E-discovery services are not limited to law firms: Many companies contract such services to proactively find regulatory problems in their archives. E-discovery services examine company archives to find relevant files, preserve them for use in court and give access to lawyers who need to analyze the data as evidence. As companies seek to reduce discovery costs, discovery features may be added to storage solutions.

One of the major concerns about e-discovery is that, “with the dramatic drop in storage media costs, IT departments may become lax about determining what data they should be storing and what should be trashed. In so doing, the more data they have stored, the more vulnerable that company will be to such problems and costs”.

“In the U.K., it’s no longer a question of whether or not data must be retained, but how long it must be retained for. Consideration regarding the unintended consequences of insisting on retention seems not to have been given”.

To further illustrate the potential problems, Brian Sartin of Cybertrust’s Forensic Investigations organization said in a recent discussion that in a considerable number of the credit card number loss cases the team has worked on, the company in question was unaware that the credit card numbers were in the data at all. Companies might be aware of some files that would or should contain such details, but were unaware that other files were storing it also. As such, it may well believe the company has done a good job of protecting such sensitive information, yet still have it compromised. Extending this thought to e-discovery, if the files that are being archived contain information the company is unaware of, then that data may be discoverable in the future when it might otherwise not have to be.

“How data is stored makes a significant difference to what can be retrieved. For example, if archiving is automatic and deletion of archives happens after it has been transferred, then it may be possible to recover deleted items from the physical media the archive is created upon”.


This blog is run by the authors of FindProtected.
FindProtected is a security program that allows you to search your network for password protected and evidential files. With FindProtected, it is way much easier to discover electronic evidence that may be used in litigation.

Leave a Reply