Before you can develop strategies to manage data retention, you have to know what you have and where it is, writes columnist Jim McGann.
Jim McGann is vice president of information discovery at Index Engines, an e-discovery provider based in New Jersey.
Managing data according to ever-changing regulatory and compliance policies is complex. Enormous volumes of sensitive files and e-mail messages are scattered across every organization. That data flows through massive networks and is squirreled away in proprietary repositories and archives, which makes access even more of a challenge. As a result, information management strategies are nearly impossible to design and deploy.
Government agencies in particular face information management challenges every day. Regulations require detailed knowledge of, access to, reporting on, and management of user data and e-mail in order to remain compliant.
Those policies and regulations have motivated government agencies to rethink how they manage user files and e-mail. Agencies need to understand what data exists, develop a plan to manage it, and take action to protect the organization from long-term risk and liability. Here’s how your organization can create a sound and flexible platform that can adapt to new strategies and environments.
1. Find out what you’re dealing with. Knowledge is crucial to creating sound information management and compliance policies and to meeting the demands of initiatives such as cloud on-ramping, intelligent management of big data, deduplication strategies, e-mail categorization, data retention and e-discovery, information governance, and more.
To better support those initiatives, you must know what you have and where it is so you can take the appropriate action. Data resides on desktops, networks, servers and repositories that are dynamic and constantly changing. Both that primary data and the legacy data archived on backup tapes created for business continuity are important sources of content.
Understanding user files and e-mail across the entire network is crucial to developing and applying policies. Without detailed knowledge of the content, creating a sound policy is overwhelming, and executing it is impossible. Understanding and profiling that data will drive efficiency and management of the content.
2. Map it out. Data mapping allows government agencies to determine the locations of sensitive data and develop a sound policy and logical plan of action. A data map can provide information such as the age of the data, when it was last accessed or modified, the owner, the location, an e-mail message’s sender and receiver, and even keywords. A data map will deliver the knowledge required to make “keep or delete” decisions for files and e-mail messages and can help you act on those decisions by defensibly deleting what is no longer required and archiving what must be kept.
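The fields a data map captures and the keep-or-delete decision described above can be sketched in a few lines. This is a minimal, illustrative example, not a description of any particular product: it walks a directory tree, records the kind of metadata a data map typically holds (size, owner, last-modified and last-accessed times), and flags long-untouched files as deletion candidates. The seven-year cutoff is an assumed retention period for illustration only.

```python
import os
from datetime import datetime, timezone

# Illustrative retention period; real cutoffs come from your records schedule.
RETENTION_YEARS = 7

def build_data_map(root):
    """Walk a directory tree and record basic data-map metadata per file."""
    entries = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.stat(path)
            entries.append({
                "path": path,
                "size_bytes": st.st_size,
                "owner_uid": st.st_uid,  # resolve to a user name via pwd on POSIX
                "modified": datetime.fromtimestamp(st.st_mtime, tz=timezone.utc),
                "accessed": datetime.fromtimestamp(st.st_atime, tz=timezone.utc),
            })
    return entries

def keep_or_delete(entry, now=None):
    """Flag files not modified within the retention window as candidates."""
    now = now or datetime.now(timezone.utc)
    age_years = (now - entry["modified"]).days / 365.25
    return "delete-candidate" if age_years > RETENTION_YEARS else "keep"
```

In practice the decision would also consider legal holds, classification and content keywords, but the shape of the map, metadata per item plus a policy function over it, stays the same.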
3. Develop a plan. Breaking down the data into logical segments makes the process manageable and achievable. Defining a plan that targets the highest-risk data first is essential. The highest-risk data environments are typically e-mail servers and legacy tapes. Your policy can initially focus on the riskiest data and continue down to lower-risk items. That approach makes a monumental task more manageable.
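The highest-risk-first ordering above amounts to scoring each data segment and working down the list. A toy sketch, with made-up risk scores purely for illustration:

```python
# Hypothetical data segments with illustrative risk scores (higher = riskier).
SEGMENTS = [
    {"source": "file shares", "risk": 2},
    {"source": "e-mail servers", "risk": 5},
    {"source": "legacy backup tapes", "risk": 4},
    {"source": "desktops", "risk": 1},
]

def remediation_order(segments):
    """Sort segments so the riskiest environments are addressed first."""
    return sorted(segments, key=lambda s: s["risk"], reverse=True)
```

With scores like these, e-mail servers and legacy tapes land at the top of the queue, matching the prioritization described above.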
4. Make use of software tools. Federal and state agencies are using indexing software to help inventory data assets and apply policies that ensure the data is protected and managed appropriately. Summary reports can be generated to profile the content, providing a high-level view or a drilled-down summary of specific owners, servers or date ranges. Metadata can also be exported and loaded into reporting tools to generate comprehensive summary reports.
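The two reporting tasks just described, profiling indexed metadata by owner and exporting it for external tools, can be sketched as follows. The entry fields are illustrative assumptions about what an index would hold, not any vendor's schema:

```python
import csv
import io
from collections import defaultdict

def profile_by_owner(entries):
    """Roll up a high-level profile: file count and total bytes per owner."""
    summary = defaultdict(lambda: {"files": 0, "bytes": 0})
    for e in entries:
        s = summary[e["owner"]]
        s["files"] += 1
        s["bytes"] += e["size_bytes"]
    return dict(summary)

def export_csv(entries):
    """Export the metadata as CSV for loading into reporting tools."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=["owner", "path", "size_bytes"])
    writer.writeheader()
    writer.writerows(entries)
    return buf.getvalue()
```

The same roll-up generalizes to servers or date ranges by grouping on a different field, which is how a high-level profile drills down to a specific slice of the inventory.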
Hoarding data for years is no longer a suitable practice. Implementing a defensible deletion methodology saves time and expense while ensuring that you keep only the data you need.