Data is being deleted in every organization every day, usually in an ad hoc, and not particularly defensible, manner. Individual employees, with the utmost good faith, are deleting and altering documents in the ordinary course of business. Hard drives crash, emails are not properly archived due to normal error rates, systems are retired, and at least some data relating to departing employees is routinely lost. More importantly, deletion of data is done with no focus or prioritization related to legal, regulatory, or business risk or value to the organization. Ignorance of this reality is not bliss—it is a ticking time bomb for legal and regulatory risks.
Yet most large organizations remain hesitant to implement any process that is designed to systematically dispose of data that is no longer needed for business or legal purposes. Conventional wisdom, when it comes to the retention of electronic data, goes something like this: "Storage is cheap. It is easier, cheaper, and less risky to save all electronic data than to take on the challenge and risk of deleting any electronic data under any circumstances, even if you no longer need that data for business or legal purposes."
