19 Jan Why is Data Disposition an Essential Risk Reduction Strategy?
Why is Data Disposition an
Essential Risk Reduction Strategy?
19 January 2021 · 4 min read
It is accurate to say that we live in an era where there is more data than ever before. An estimated 40 zettabytes or trillion gigabytes of data existed in 2020 with more generated every day. Organizations process, retain, and use this data every day to improve decision making and provide better products and services.
But what happens once the usefulness of any piece of data has expired?
Before GDPR and other stricter data privacy & cybersecurity standards and regulations, organizations may have retained data indefinitely. Once these laws and regulations were passed, they required organizations to stop keeping data beyond its usefulness.
And that’s not the end of it! An increasing number of privacy and cybersecurity standards are being implemented, making the privacy landscape more complex than ever. These regulations make holding data for longer than necessary a risky endeavor for any organization and require limited retention, or what is called data disposition.
Data disposition is the process of step-by-step destruction of data that is no longer needed. The steps may differ from organization to organization but could entail archival, movement to a different system, anonymization, and finally, full deletion.
Ideally, each of these steps should have a trigger. For example, once a project is completed, the data related to it should be archived. After six months, the data can be moved from one collaboration system to another, so let’s say from Microsoft Teams to your designated Document Management System (DMS). From there, after a year, it can be anonymized, and in another year, fully deleted.
Data disposition as a critical governance component
Data disposition is only one part of an organization’s governance program, but it is essential to reducing risk throughout a project or engagement’s lifecycle. Failure to engage in data disposition results in over-retained data and exposure to immense privacy, security, and legal risk.
There are several reasons why organizations should carefully consider their disposition strategy.
Regulatory requirements. Increasing regulations such as the GDPR, CCPA, and other laws, require organizations to have sound governance and data protection measures, with data disposition being one of them. In case of a breach or investigation, organizations have to prove that they had necessary safeguards in place or risk hefty fines and reputational damage.
Cost implications. Collecting, processing, and retaining data is costly. Organizations spend a fortune on processing and storage, so keeping data indefinitely increases those costs significantly. To optimize data storage costs, organizations should put data disposition policies in place across their collaboration systems.
Client demands. New laws and regulations allow clients or customers the right to full deletion or the right to be forgotten. These rights enable clients to ask that an organization to delete any data it might have on that specific client. To be fully prepared for these requests, organizations should have data disposition processes already in place.
Best practices for implementing data disposition
Implementing data disposition within your organization requires its meticulous alignment with the entire governance and risk reduction strategy. Data disposition in isolation will not result in decreased risk or improved efficiency.
To help you get started, here are five best practices to execute a robust data disposition and risk reduction strategy.
Maintain an updated data map
Organizations cannot dispose of data without first understanding what type of data they have and where it is located. That’s when developing and maintaining a data map becomes highly useful.
A data map will help your organization catalog the data in your current collaboration systems and understand its location.
Creating a data map is the first step, but maintaining it is crucial. If not correctly updated, a data map quickly becomes obsolete, taking you back to square one in your governance efforts.
Assign metadata to help with context
Creating a data map is an excellent way to start your data disposition strategy, but more information is needed about your organization’s content. Specifically, your risk management team needs to understand every document’s context to apply the appropriate security and disposition policies. Without context, the team will spend valuable time going into each document to understand what it is about.
Assigning unlimited, rich metadata is the solution to streamlining such understanding of context. You can set this metadata through your collaboration system’s capabilities or deploy technology that allows you to add unlimited metadata.
Create a disposition strategy
Once your data is cataloged and contextualized, you can begin creating your disposition strategy with specific steps. This practice requires involving your key business departments and strategic leadership. Each department has unique data needs, and you need to understand them before deciding the disposition journey and when to engage in full data deletion.
For some organizations, simply moving data to their primary content repository and then deleting it in a few years is enough. Some require a more detailed approach involving archival and anonymization. The steps your organization assigns for its disposition process are a group effort and depend on your business case and strategy.
Align with your collaboration systems
Your organization’s data disposition strategy should be implemented for all collaboration systems. It is not enough to dispose of data only in your DMS or in Microsoft Teams. Any system where data is stored and processed needs to align with your disposition steps.
Automate the process
Conducting data disposition manually takes resources and is prone to human error. Your organization should attempt to automate the process through technology that offers governance across collaboration systems. Look for software that allows you to implement your data disposition steps with various triggers and an approval workflow so that risks are reduced and security is at the center of your strategy.
How Prosperoware Helps
Prosperoware CAM is a SaaS enterprise platform that enables organizations to leverage their collaboration systems for digital transformation while improving governance. CAM allows organizations to enhance processes around management of office documents, improve adoption, and reduce risks related to privacy & cybersecurity.
CAM integrates with a variety of collaboration systems, including Office 365 (Microsoft Teams, SharePoint Online, OneDrive, Planner, OneNote), File Shares, iManage, NetDocuments, HighQ, and more to come.
Our unique approach relies on adding context by applying rich metadata to identify projects, matters, engagements, etc., to workspaces, Teams, Channels, and folders in systems. This approach benefits end-users and the risk management team. Users can leverage critical metadata to locate content easily, while risk professionals can focus on data security and disposition instead of trying to determine its context.
Key CAM features include:
- Automatic provisioning of workspaces, Teams, Channels, and folders from Project Portfolio Management, CRM etc., or through human workflow using templates
- Rich, custom metadata for project or document context
- Unified directory for project location
- Advanced DLP, reporting, & analytics capabilities across systems
- Set trigger-based disposition policies with approval workflows or place content on litigation hold