tadamichi - Fotolia

How to cull old, potentially risky data

Unused data is a potential security risk, with old spreadsheets, reports and email containing industry secrets and laced with company gossip. If it's no longer useful, it's time to delete it

How much data are company employees hoarding? At any one time, each employee might have two dozen email conversations, half as many documents and spreadsheets on the go and a couple larger group collaborations.

But most this data will be superfluous. Whether it is saved as a file on hard disk, as an email on a PC or on a company server, if that data is not being used, it really is time to consider deleting it.

Spreadsheets and reports harbour industrial secrets, and emails might recount important events but could also be laced with gossip. There is a compelling security need to impress on users – and enforce through a data retention policy if necessary – the importance reviewing and removing legacy data.

Old data: what’s it good for?

A certain amount romance is attached to old data. Documents and spreadsheets created, worked on and saved over the past 20 years can tell a story a career, or the progress a department – even a company. This old data has a nostalgic flavour, which is why it can be hard to disassociate from it.

While these legacy documents might offer business continuity in the event of a data disaster scenario, on the whole they are self-indulgent.

Old data on a hard disk

Finding old data should not be difficult. Typically it sits in the My Documents folder on the hard drive. Sifting through it will take time, but using Windows Explorer to sort older files and determine what needs to be removed is the best place to start. Third-party alternatives, such as Explorer++, might yield better results.

If your organisation provides a network share, then users should also check this for legacy documents no longer required. It is important to note that while deleting documents stored on a computer sends them to the Recycle Bin until they are deleted at shutdown, files deleted on a network drive are immediately discarded. Users should ensure certainty before deleting.

Email archives are mostly useless

Unless an organisation has in place a sensible, methodical system for archiving emails, employees are going to have a seemingly endless collection of messages stored in their mailbox. Inbox limits are good, but with the ability to save into offline folders, useless data – including – tends to accumulate.

Regular, monthly monitoring all email folders by users, as well as encouragement the inbox zero strategy, can reduce this problem, with vital messages and archived safely for future reference.

USB, DVD and other removable media

It is all too easy to find old documents cluttering up USB sticks, saved to archive DVDs and other removable media (think removable hard drives from Iomega, or even 3.5in floppies). While 95% this data might be useless, the remaining 5% could prove valuable to an unauthorised user. Removable media should be password protected or stored in a secure space and regularly cleaned old data.

Cover all bases with deletion

Users will be reluctant to delete material they have previously considered useful. Concerns about the usefulness a policy that could result in the loss potentially vital data will also be shared. The sensible response is to put the onus on departmental managers to sign off on deletion, or make alternative arrangements for storage.

Read more about data retention

  • Exchange administrators must test how the change to Microsoft’s default email retention policy fits in their organisation.
  • Aside from regulatory compliance concerns, what factors should be considered when setting a data retention policy?
  • Data retention and destruction have become key elements of compliance.

Next Steps

Get to know the Microsoft Teams retention policies

Increase backup efficiency with a data destruction policy

Read more on Privacy and data protection