Do You Really Need To Retain Ex-employee’s Grey Data?
It may surprise you to know that 10%, 20%, or even 30% of enterprise data can be classified as grey or inactive data, mainly from ex-employees, that has accumulated over the years as employees left the company. Many organizations simply haven’t defined policies around what to do with departing employee data. A minority of organizations will remove the hard disk from the departing employee’s laptop or desktop computer and place it in a cabinet for a year or longer. This policy is usually driven by the corporate legal department just in case the employee later files a wrongful termination lawsuit. This process is an attempt to address the issue but doesn’t really take into account the other possible data repositories where employee data can reside including file systems, email systems, email archives, removable media, or cloud repositories.
Most organizations simply ignore the departing employee data issue, leaving it scattered around the enterprise with no management, ownership, or security. This practice raises two main issues:
- Because it’s not consolidated, indexed, and managed, employee know-how, intellectual property, and corporate history is basically lost as the employee leaves the company.
- And also, because it’s not consolidated, indexed, and managed, eDiscovery and regulatory compliance is much costlier and risky.
Employee know-how, IP and corporate history
Employees generate huge amounts of information every day. Sales presentations, product line strategies, product roadmaps, correspondence with other employees, partners and customers, forecasts, pricing strategies, etc. Companies spend large sums of money employing people to create value for the organization. Once the employee leaves the company, that valuable information is quickly lost, and in many cases, forever. For example, not long ago I received a call from an obviously panicked ex-coworker from a company that I had left 6 months prior. They were looking for the pricing/ROI calculator that I had developed more than a year a. A large deal was dependent on them producing a believable ROI by the next morning. I told the ex-coworker that it and all of my content should be on my laptop and even suggested a couple of keywords to search on. Later that day, the same person called back and told me that the company’s standard process for departing employee’s laptops was to re-image the hard disk after 30 days and distribute it to incoming employees – the ROI model I had spent over a man-month developing was lost forever.
Regulatory compliance and eDiscovery
Regulatory retention requirements can trigger expensive data scrambles when the regulatory agency issues an information request to the organization. In many cases, “records” that should have been retained in a central repository are instead stored in employee-managed repositories such as their local hard disk or a file share. This usually happens because at the time of the record appearing, the employee is overwhelmed and doesn’t actually file it the way they should leaving the records to drift, causing higher costs, potential fines, and even loss of business.
The potential eDiscovery risk is much more straight forward. The basic fact is all data is potentially subject to eDiscovery. All data that could potentially be relevant to a lawsuit must be found and reviewed, and if responsive, turned over to the opposing side. If relevant data is not found or is inadvertently deleted, sanctions can be assessed including loss of case, fines, being forced to pay the opposing sides legal fees, professional sanctions, and loss of business. As you can imagine, ex-employee data can include relevant content for a given lawsuit - especially for wrongful termination. If that data is consolidated and made searchable in a low cost repository, the cost and risk in responding to eDiscovery requests can be dramatically reduced.
Archiving Grey data
So what should an organization do with their grey, low touch, and inactive employee data to reduce risk and cost? This data should be consolidated into a single, searchable, and managed repository. As I said previously, most companies simply ignore departing employee data stores. Unmanaged employee data can reside on local hard disk, removable media, file systems, the email system, or a cloud account such as OneDrive. When an employee gives notice or is designated as a RIF candidate, a process should be followed to collect all of this data into a low cost central repository the company can search and apply retention policies to. This repository would be a prime target for eDiscovery search or for finding important individual IP quickly.
Microsoft Azure is that low cost data repository. Archive360’s Archive2Azure provides the management layer for Azure to allow this grey data to be migrated into Azure, encrypted, retention/disposition applied, and custom indexing processes enabled to provide centralized ultra-low-cost “cool” storage so that grey, low touch data can be managed and searched quickly.