Slashdot Mirror
The Importance of Deleting Old Stuff
An anonymous reader writes: Bruce Schneier has codified another lesson from the Sony Pictures hack: companies should know what data they can safely delete. He says, "One of the social trends of the computerization of our business and social communications tools is the loss of the ephemeral. Things we used to say in person or on the phone we now say in e-mail, by text message, or on social networking platforms. ... Everything is now digital, and storage is cheap — why not save it all?
Sony illustrates the reason why not. The hackers published old e-mails from company executives that caused enormous public embarrassment to the company. They published old e-mails by employees that caused less-newsworthy personal embarrassment to those employees, and these messages are resulting in class-action lawsuits against the company. They published old documents. They published everything they got their hands on."
Schneier recommends organizations immediately prepare a retention/deletion policy so in the likely event their security is breached, they can at least reduce the amount of harm done. What kind of retention policy does your organization enforce? Do you have any personal limits on storing old data?
Sony illustrates the reason why not. The hackers published old e-mails from company executives that caused enormous public embarrassment to the company. They published old e-mails by employees that caused less-newsworthy personal embarrassment to those employees, and these messages are resulting in class-action lawsuits against the company. They published old documents. They published everything they got their hands on."
Schneier recommends organizations immediately prepare a retention/deletion policy so in the likely event their security is breached, they can at least reduce the amount of harm done. What kind of retention policy does your organization enforce? Do you have any personal limits on storing old data?
Things we used to say in person or on the phone we now say in e-mail, by text message, or on social networking platforms. ... Everything is now digital, and storage is cheap — why not save it all?
Sony illustrates the reason why not. The hackers published old e-mails from company executives that caused enormous public embarrassment to the company. They published old e-mails by employees that caused less-newsworthy personal embarrassment to those employees, and these messages are resulting in class-action lawsuits against the company.
Never Write what you can Phone;
Never Phone what you can Say;
Never Say what you can Whisper;
Never Whisper what you can Nod;
Never Nod what you can Wink.
I want peace on earth and goodwill toward man.
We are the United States Government! We don't do that sort of thing.
If huge corporations started following some basic legal and ethical guidelines, they wouldn't have to worry so much about old documents getting leaked. If your business strategy is to f##k your customers and/or your partners, sooner or later you will pay for it, documents or no documents.
Time flies when you don't know what you're doing
Rules:
1) Don't delete other people's stuff. IT workers / Lawyers I'm looking at you. You should never delete something without a specific verbal or written OK from the document owner. When you automatically delete my stuff I find ways around your scripts.. It does no good, because I WILL retain my records indefinitely. So just stop wasting my time and leave my stuff alone.... The only justifiable reason to delete my files is: the Server harddrive is full. But it costs less to buy a freaking hard drive, than to decide what documents can be deleted...
2) Document Retention Policy: Min: Legally required length of time Max: FOREVER. See Rule #1. You should NEVER touch my inbox, Network Drive, or any other place I store documents with an automated script, deletion of files should only occur by hand by the document owner...
3) Don't do unethical things. You don't have to worry about what's in the document if you did the right thing in the first place... You should fire any employee who is unethical and as a corporation take responsibility if those unethical things embarrass the company. This is what reviews (code, business, technical etc) are for, you're supposed to check that your employees are following good practices... Then that circumspect code, business practice etc, would've never seen the light of day in the first place. When a corporation fails that they shouldn't hide it, they should admit it and take their licking...
My email contains important technical information that I may need for years after I composed that email. When you delete it for me. You waste valuable company time as I recreate the exact same information I already "knew" which may have never made it into a formal document.
JUST STOP IT. There is nothing illegal about keep business documents forever. There is something highly unethical (and possibly illegal!) about a practice that stems from the idea of destroying evidence. So stop it. The ethical, right, and more reasonable thing to do is enforce from the IT perspective the minimum retention policy. After that, (ie when you delete) should be based on business need: 1) I really will never need this again and 2) The storage costs don't justify the (low) possible future return. Since storage is CHEAP, #2 should pretty much never come into play...