Cyber threats remain one of the top concerns among organizations. Although cyber threats remain inevitable, reducing your risk is attainable. As the cyber risk and cyber threat landscape continues to evolve, organizations must continuously not only update their cybersecurity programs, but also their information governance programs and actual practices. From ransomware to phishing attacks, cyber criminals (referenced herein as threat actors) are after one thing: your information. Consequently, limiting the amount of unnecessary sensitive information collected, processed and stored reduces the opportunity for it to be inadvertently misused or stolen. Moreover, this is no longer simply best practice, but an important part of any company’s data compliance program as regulators (backed by a swath of new laws) are specifically focused on over retention of information.

To Save, or Not to Save?

That is the question companies must proactively ask and answer before they suffer a data breach. We encourage companies to establish data retention policies and procedures as a key part of their proactive information governance and/or information security program. Importantly, it is crucial that companies dispose of information that is no longer needed and limit the collection and processing of data to only what is relevant and necessary to accomplish the purposes for which it was collected.