Slashdot Mirror
Employees in the Dark About Data Retention Policy (betanews.com)
An anonymous reader shares a BetaNews article: A new study reveals that over half of office-based employees say their companies don't have written policies on data retention or personal use of work devices, or if they do, they aren't aware of them. The study conducted by Harris Poll for e-discovery company kCura reveals communication habits that could put organizations at risk of incurring increased data retention and discovery costs in today's increasingly litigious business environment. "Complete bans on the personal use of work devices would be difficult -- if not impossible -- to implement, and could be harmful to employee morale. However, companies do need to implement reasonable policies to mitigate risk," the report adds.
When given 'a stack' to sign, simply write 'didn't read, don't agree' on the signature lines. They _never_ check.
John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
Management's policy process lack's the knowledge and (ugh, sorry) "agility" to adapt what they want to the ever-changing landscape of what and where data is and how it's accessed.
Whatever policy is on paper is likely woefully vague or out of date relative to technology. Much of the time the organization itself is willfully non-compliant as various centers within the company store and access data in various public clouds, social media sites, on personal or hand-held devices, and so on.
Even when everyone kind of has their shit together, the technology industry is subverting "corporate data" by turning themselves into personal technology companies, like Apple and now Microsoft, where they've figured out that if you sell to the individual end users as consumers you can essentially *make* corporations support (and sometimes buy) your product.
They probably don't have those policies and procedures written up because they can't end up having that meeting, or at least one that comes up with a solution. Head Honcho wants everything deleted after 6 months because of possible liablities and reveal. Low down managers don't want anything deleted because they are looking to cover their asses in possible liabilities and reveals. IT states they only have enough of a budget to store everything for one year. Workers point out that many of their projects last longer than one year and even go multiple years and they'll need all that information well past those timelines just to get the job done and support it. Legal is going to pop up and explain that things can be deleted after 6 months, except for these three corner cases they know about where they are legally obligated to hold information for up to ten years to forever, and there might be more such cases, and dependancies due to contracts. By the end of several hours, they have several conflicting policies demanded by different parts of management and half a dozen problems that need to be looked at with legal and economic issues as to why they can or can't adhere to any policy. Eventually, the day long meeting ends with another, similar meeting scheduled in another few months.
A friend works for a computer forensic recovery and analysis company that many big companies and three-letter agencies use to crawl through a company network, audit each machine it finds (either by breaking in or being given access), and scans for various types of files. It vacuums them up for review by a human. It's used for litigation discovery and spying. My friend is very proud that his company is partially responsible for bringing down some very highly placed Pillbilly Repugnican operatchiks for corruption and sexual escapades.
I read it. I've never seen a retention policy that had to be signed. Instead I hear about a policy and we're expected to follow it.
Two most common rationales I see:
"we might be sued or audited, so don't permanently delete emails"
versus
"we might be sued or audited, so delete your old emails"
Generally I see that old emails are kept, until IT complains about being low on disk space or the user gets an angry warning about being out of allocated server space.