This is part 1 of a 5-part report that examines the causes of excessive data retention on backup tapes, defines the current situation, and examines data retention to reduce ongoing operational costs and regulatory risk. Outline how to repair retention. To learn more about this report, read the summary or download the full Bad Tapes report here.
Once attracting attention as the new “oil” that kept companies' engines running, data overload is now causing oil spills.
For decades, companies have been accumulating data.
- Business and strategic management has long adopted a “don't delete it” philosophy. I'll keep it…just in case. ” As a result, many business units accumulate large caches of data without a specific purpose and with little insight into what they are holding. This often includes digital land mines such as unwanted personal information and discoverable emails that legal teams want to destroy as soon as defensible.
- Big data gold rush Companies are scraping systems to fill up data lakes and warehouses without having a clear idea of how to leverage them, resulting in unclassified data such as messaging data, email archives, and voice recordings. The result is an unmanaged environment with mountains of data and vague access controls.
- cost and conveniencethe penalty for over-retaining data is historically low, and the cost of retaining data is low compared to the time and expense required to defensively discard it.1
Data risks are increasing rapidly
The needle is now moving on data risk.
In Australia, fines for breaches of privacy laws have increased significantly, reaching up to A$50 million, or 30% of adjusted revenue for the period of the breach.1 The Australian Information Commissioner's Office, the privacy regulator, has been given new powers with increased staff and funding.2 Additionally, given the growing severity and scale of data breaches, regulators are considering cracking down on over-retention of personal data.
It's not just regulators. Class action lawsuits are on the rise, with both customers and shareholders seeking compensation and accountability in response to data breaches, mismanagement, and loss of over-retained data.
And the regulatory burden is increasing. The proposed amendments to the Privacy Act 1988 (Cth) provide new regulatory powers, enhanced protections and individual rights, a right of direct action, and a statutory tort of privacy that allows individuals to sue organizations directly for privacy breaches. It's promised.
Penalties for violations of the Personal Information Protection Act1
- 50 million Australian dollars.
- 3 times the value of the profits derived from the misuse of the information.or
- 30% of the company's adjusted sales during the relevant period, i.e. the non-compliance period.
costs are rising
At the same time, businesses are experiencing the pain of storing billions of unnecessary legacy files. Bloated storage mechanisms and countless stacks of magnetic data tapes overflow with misunderstood, unloved, and completely unnecessary data for your business.
Magnetic tape, once touted as the pinnacle of long-term data storage, has evolved into a data albatross around the necks of Australian businesses. Aside from storage costs, accessing data through tape restoration is very inefficient. Just finding the right tape can be a challenge. Paying a vendor to use older drives to read your tapes can be expensive. The tape goes missing. And because tape lifespan peaks at 8 to 12 years, companies often find that the tape they need is damaged. Lost tapes, whether misplaced or damaged, can be reportable and put your organization in the bad eye of regulators. And observer oversight can reveal over-retention and other unfenced data risks.
The time has come to devote all efforts to restoration.
Keeping everything forever is not an option. To reduce data risks while ensuring regulatory compliance, businesses must urgently assess and remediate the data they hold. The goal is to identify and transfer business records required for regulatory requirements, litigation hold data, and data of high business utility to secure, accessible storage and to ensure that it is redundant, obsolete, trivial (“ROT”) or Defensively dispose of duplicate data.
This is easier said than done. Striking the right balance between retaining too much or too little data is a difficult trade-off, constrained by business needs, legal hold obligations, and regulatory requirements. Companies need to demonstrate that they understand what they have and why they have it. This is a time-consuming, enterprise-wide activity that involves multiple systems and stakeholders, including IT, legal, risk, and compliance. But the risks are too great to continue to ignore.
Despite the difficulties and complexities, businesses need to start remediation as soon as possible.
- Identify what you need and don't need
- Store what you need in secure, searchable storage for inspection and use
- Delete files and data that expose your organization to risk or liability.
Ask yourself the following questions:
- Do you have an inventory of your data?
- What is your most historic record?
- What is your most sensitive data?