Recent news about New York Governor Andrew Cuomo’s controversial data retention policy, which mandates that state workers’ emails be deleted after 90 days, caused a considerable media stir. Many pundits questioned whether the new policy was consistent with the broader ideal of government transparency. The news, of course, comes on the heels of the State Department “Emailgate” news concerning emails sent from personal accounts -- and a subsequent lack of records to prove otherwise.

These are just two recent instances of a much broader issue that has plagued the public sector from day one of the digital age: Proper data retention. At its most basic level, data retention is a fairly simple concept—most organizations need to retain the data they generate, including, but not limited to email for both business and legal purposes for a pre-determined period of time. Email is just one piece of the puzzle, albeit an important one. A comprehensive data retention strategy covers a wide spectrum for managing disparate digital information that flows in and out of an organization. This includes backup data, which is also subject to legal discovery. 

Depending on the size, scope and objective of a given business, data retention policies vary. It’s safe to say that a majority of businesses, which in most cases are not subject to the same level of public scrutiny faced by government agencies, opt to retain their data for longer than Governor Cuomo’s 90-day policy. Beyond simple accountability, it’s an important tool to gain visibility into where information is going—and where potential risks may exist.

Money No Longer Is the Issue

Before going any further, one particularly prescient point should be clarified: The cost and labor time for storing large amounts of data is by no means prohibitive. The rise of cloud computing, coupled with technological innovations like data de-duplication and compression, have made it both cheap and easy to store large troves of data for unlimited periods of time at a low price point. So the argument that suggests that this policy is merely a cost-cutting move isn’t particularly strong.

The real question to ask is whether the 90-day retention policy ties back to a larger compliance strategy, or whether it’s an arbitrary number that aligns with the Goldilocks principle. It’s also worth looking into what the Cuomo administration’s broader data retention policy looks like, and how (or if) data being generated on endpoint devices like smartphones or laptops is also being stored.

For Safety's Sake

Data retention policies exist as a buffer against potential future legal issues. If and when litigation occurs, the discovery process requires an organization provide access to all versions of documents or data sets in question to, ideally, avoid liability. In essence, a good data retention policy should enable organizations to build a virtual breadcrumb trail that establishes a clear pattern of compliance with a given mandate or regulation. To be fair, businesses will in some cases purposefully adopt a zero-day retention policy because they do not want a readily accessible record of their data for those exact reasons.

Given this, it’s understandable that the newly appointed chief information officer for the Cuomo administration was under such scrutiny when this story was uncovered. The lack of visibility that comes with a highly limited retention policy introduces far more questions than it answers. Nobody questions whether the public sector lags behind the private sector on this front, where even small and medium-sized organizations recognize the importance of retaining email and other sensitive business data. Instead, the question is just how wide a gap it is, and what can be done to begin to close it.

The digital age and the data it brings with it have presented a double-edged sword for politicians. Recent innovations make it much easier to actually retain large troves of data and achieve much-needed transparency. Given that, the onus is on public organizations to develop more comprehensive data retention policies that truly promote greater accountability and transparency, if that is in fact their end goal. 

Register or login for access to this item and much more

All Information Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access