First the good news: The number of companies without a data retention plan has gone down from 14 per cent in 2011 to just seven per cent last year.
“A lot of companies are still not walking the talk,” said Trevor Daughney, director of product marketing for the Information Intelligence Group at Symantec. “Eighty one per cent of respondents say proper information retention allows companies to delete un-needed data but these organizations say the retain 42 per cent of their backups indefinitely.”
This, he said, is “ironic” because 52 per cent of respondents in Symantec’s 2012 Information Retention and eDiscovery Survey believe keeping failure to sort data that needs to be retained and keeping data for periods longer that they need to be is expensive for an organization.
Slideshow: E-discovery and electronic document retention in Canada
Ontario privacy officer disturbed at missing data
More disconcerting to know is that while companies, on average, receive 17 request for electronically stored information, those in charge of storing and managing the data failed to fulfill the request 31 per cent of the time. This is significantly higher than the 20 per cent failure rate reported in 2011.
For the second year now, Symantec queried 500 companies from various industries in Canada, the United States, United Kingdom and Germany on their data retention practices.
The survey found that 34 per cent or respondents have fully operational data retention plans, 26 per cent are still a various stages of implementation and 33 per cent were discussing data retention in 2012.
The survey also found that backup mechanisms for archiving and legal holds remain inefficient. For instance, the organizations agreed that as much as 38 per cent of their data is not needed and 34 per cent of backed up data are
The top five reasons for collecting, processing, analyzing and reviewing stored data are: litigation (60 per cent), internal investigation (59 per cent), internal compliance initiatives (58 per cent), compliance with regulations and laws (57 per cent) and compliance with local regulations and laws (55 per cent)
-Symantec recommends that companies do the following:
-Adopt a defensible deletion mindset
-Err on the side of fewer, rather than many retention policies
-Automate privacy, retention and compliance policies to reduce risk
-Implement a solution in which legal holds can override expiry policies
-Don’t use backups for long term retention