The digital universe is vast and ever expanding at an incredible rate. Market intelligence firm IDC's 2011 Digital Universe study found that the amount of information created and replicated in 2011 exceeded 1.8 zettabytes (1.8 trillion gigabytes). That's a lot of data. And more importantly, companies are liable for 80 percent of this information at some point in its digital life.

When it comes down to it, both the legal and IT departments need to do something about this gargantuan amount of data. Most companies have records management policies in place to handle information critical to a company's business and interests, as well as a corresponding set of records retention schedules that identify record categories, regulatory requirements and the period of time for which they need to be kept before being destroyed.

The problem, however, is that for many companies, those policies are
typically only applied to paper records and not electronically stored information (ESI). Experts agree that this needs to change.

Unmanaged Mess

A large part of the data dragging companies down is “unmanaged information,” which essentially is any information—be it paper or ESI—that is not actively being managed pursuant to a records management policy. Unmanaged information can be anything a person can create and save on his computer. Most of this unmanaged information exists in email, shared-use repositories and any other place where someone stores information. And because people think data storage is cheap, they never delete anything, and it piles up.

“It used to be that unmanaged information, back in the days of paper, was the stuff that sat around on people's desks and in file cabinets,” says LeClairRyan Partner Dennis Kiker. “It was just your working stuff, and it wasn't really that big of a problem because everything was governed by square footage. But when information moved to computers, few companies actively employed records management principles to ESI.”

Most records retention policies generally say people shouldn't keep anything any longer than it's needed to do their jobs. But because unmanaged data is not part of a records management function—like a tax return, signed contract or any other information the business must retain for a specified period of time according to law—deletion is up to the user. Therefore, much of this information just sits in databases or goes on a shelf in a warehouse, and nobody ever throws it out.

“If I go into a file share in typically any organization today, I usually find that more than 80 percent of documents and data in there has not been touched for more than three years,” says Founder, Senior Attorney and Consultant Anne Kershaw of A. Kershaw, P.C. // Attorneys & Consultants. “I call that 'dead data.' It's getting backed up. It's getting cared for and fed. It's taking up electricity. And when they move that data to another server or migrate it to the cloud—they're mostly just moving dead data. And it costs a lot of money.”

Risky Business

The risks associated with companies storing this ever-increasing amount of data are manifold. First, storage is expensive despite decreasing prices, due to the massive amounts of data companies are storing and the varying nature of arrangements with service providers. Secondly, search and retrieval against large amounts of data can have a high price tag.

“[If all of this data] is around when you're investigated or sued, all of that is going to be part of a discovery process, and you're going to have to spend a lot of money to review it and figure out if you have to turn it over to someone,” Kershaw says. “That can cost $20,000 per gigabyte.”

Beyond the costs are the operational risks to storing so much data. Companies can become mired in a situation in which it's difficult to find the most up-to-date or most-relevant information, which can seriously hinder business operations. There's also the risk of getting incorrect or inaccurate data.

There also are regulatory risks. Companies that have data pertaining to an inquiry can be levied fines and adverse action findings if they don't produce information expediently. This can be especially painful for companies in highly regulated industries because when litigation or an inquiry arises, there's more useless data to sift through and it's harder to quickly understand the facts.

Suggested Solutions

There are a number of ways companies can deal with their data dilemmas. Redgrave Partner Jonathan Redgrave suggests first setting up an integrated team of legal and IT personnel who have both C-level and budgetary support. Once the team is in place, they can begin with instituting a managed email/messaging environment that consolidates and optimizes enterprise electronic communications, which can reduce the growth of information.

Other solutions include technologies that can index information on shared network drives, which will help teams understand the data's value in order to determine whether it's worth keeping. There also is technology to automatically classify records as they're created. These systems examine content, determine the type of record, and recommend what classification and record retention policy should apply.

Regardless of the chosen solution, Redgrave believes it's critical for companies to recognize the potential hazards to storing unneeded data.

“In many ways, it really is a cultural challenge for an organization to get people to understand that information is possibly both its greatest asset and its greatest liability,” he says. “You'd better take good care with it.”