“Keep what you need, get rid of the rest” – Law of Information Conservation
Updated: Feb 6, 2021
Obsolete applications are like your old traumas and bad memories; they will always find a way to creep back into your system and mess with you. Organizations must have a clear-cut strategy on killing obsolete applications and the underlying infrastructure that are merely wasting computing power, energy, space, and money – and find effective ways to make sure that they don’t resurrect from the grave. Most organizations tend to hoard systems and applications, thinking that one day they will potentially need them. But all they do is stack them up through the years and waste resources. Talk to your local legal retention authorities, have an archiving and a data destruction strategy; it will save you much money, time, and energy.
Most companies have information retention policies. Meaning they need to store and keep information and data for a certain period as prescribed by law. However, because of fear of not complying with the law and corporate retention policies, people tend to retain data for extended periods -- if not forever. Most people don’t know that; if you retain data longer than what is prescribed by law -- you are equally liable. It’s one of those, damn-if-you-do and damn-if-you-don’t kind of things.
The problem with retaining data and information for an extended period than what is prescribed by law is far more complicated than it seems -- because they come bundled. The bundle includes the applications or the license to run the system to retrieve the information, the underlying servers and infrastructure, the tapes, the software to back them up and recover them, and perhaps even the skills to retrieve the data in the future. However, none of these can guarantee full recovery of what the law and the authorities may require in the end. Data corruption, hardware and software failures, human error, and not knowing the structure and format of retrieving old and archaic information are some of the main challenges one would typically face when retrieving data. Imagine how much money you waste when you consider all the costs associated with retention. Depending on the organization, it will be a hefty amount of money. Of course, the rationale is: if you get fined, perhaps you will be paying a whole lot more.
So, is there a sweet spot? What strategy must organizations undertake to reduce the cost associated with retention and, at the same time -- protect themselves against large sums of potential fines?
Different countries require different retention requirements depending on the type of legal document they need to keep. Germany, France, and the US are among the more restrictive ones at a varying degree and complications. So, it is crucial to know the local law first and devise a strategy around it.
It is also imperative to seek advice from local retention authorities in order not to err. Ensure that whatever agreements you come up with are appropriately recorded to be used as evidence for future legal actions.
Ways to retain data?
Print them out – the rule is to retain data and information. It can be electronic or a hard copy. There are essential things to consider here: practicality, storage, retrieval capabilities, and a flawless indexing system. Imagine printing all e-mails, storing them in the basement, then try to find the data or information you are looking for in the haystack.
External archiving solutions – there are companies who specialize in providing this service. They are not cheap either. But if you consider how much you are spending, perhaps it makes good business sense to hire one. Just make sure that you have the guarantee and insurance to mitigate your organization's legal liability. Remember, while these companies offer you archiving, storage, and retrieval services for your organization, it does not relieve you of the legal and audit accountabilities. Always consult with the legal retention authorities first before engaging in such services.
Store them in the cloud – building a cloud-based archiving solution could be the best possible alternative for most organizations these days -- everybody is moving there after all. The only caveat one must consider is the format on how the data must be stored and retrieved. If you can do away with the licensing of the applications, you can simplify your footprint, lessen your cost, and avoid a lot of headaches. Consider printing legal documents to file and keep them digitally, so they can easily be indexed, searched, and retrieved.
Most organizations keep and maintain obsolete applications to retain data and information to comply with retention laws and policies; this is really the root of all evil. Companies must deal with this at the highest level to avoid any significant legal issues if not addressed properly. Otherwise, this very costly endeavor is a growing pain that will only keep growing year-after-year.
So, select a retention strategy, agree with your local legal retention authorities, have the agreement documented: keep what you need and get rid of the rest – this is the Law of Information Conservation.