A global study of enterprise data retention practices has found that one in eight companies archive their files indefinitely.
The study was commissioned by information security vendor Symantec and involved companies with more than 500 employees. Some 1,680 senior IT and legal executives were surveyed, including 150 from Australia and New Zealand.
Enterprises were retaining "far too much information", the study found, with 13 percent of ANZ respondents claiming to "archive files indefinitely".
While 96 percent of local respondents said an information retention plan should allow them to delete unnecessary information, only half actually had a formal plan.
Sixty-eight percent of backups were on legal hold or were to be retained indefinitely, the study found, and 25 percent of backup data was deemed unnecessary.
According to Symantec Australia's vice president and managing director Craig Scroggie, companies were treating backups as archives, although the former was more data-intensive and intended for recovery.
Additionally, while IT staff generally were aware of the technology issues to do with over-retention, many were uncertain of the legal requirements driving data retention.
"Just storing everything" was the lowest risk path, Scroggie said, noting that enterprises could be storing "hundreds of petabytes" of data.
"They don't understand what it is they're keeping, so they're just keeping everything," he said.
Besides additional storage requirements, over-retention came with inefficient search and discovery processes and increased litigation risk, Symantec found.
Scroggie explained that the more information an organisation stored, the more could be subpoenaed, or summoned in legal disputes.
Additionally, companies that stored information about employees or customers could face privacy concerns, he said.
"This requires a far more mature approach to management of information ... it's not just an IT task," he said. "We are in a complex area; it's complex to manage business requirements and balance IT with business needs."
Symantec's recommendations for enterprises:
- Establish an information retention policy.
- Retain only 30 to 60 days of backup data before delete or archiving it automatically.
- Implement deduplication within applications and within a backup environment, as close to the information sources as possible.
- Use a full-featured archive system to improve search capabilities.
-1.jpg&w=100&c=1&s=0)
.png&w=100&c=1&s=0)
