Data explosion and escalating breach costs

Organizations are facing an unprecedented increase in the volume of data they handle, primarily due to advancements in artificial intelligence. Experts anticipate that the amount of unstructured data will double by 2024, a growth propelled by the widespread adoption of AI technologies. Unstructured data, which includes emails, videos, and social media posts, presents unique challenges in terms of storage, management, and security.

Incidents of unauthorized access and misuse of data span all sectors, demonstrating the universal risk of data breaches. From healthcare companies to government databases, no entity seems immune. Notable incidents include ransomware attacks on Australia’s court systems and breaches at major corporations like Infosys and Boeing.

IBM’s 2023 report highlights the financial repercussions of these breaches. The average total cost of a data breach has surged to $4.45 million, a 15% increase from 2020.

Organizations face a dual challenge: managing an ever-growing repository of data while simultaneously mitigating the risks and costs associated with data breaches. In response, companies must develop comprehensive strategies that address the storage and usage of data while prioritizing its security and compliance with evolving regulatory requirements. 

As data continues to grow in both volume and value, safeguarding it becomes increasingly critical and difficult. Businesses need to adapt and strengthen their data management practices to effectively keep up in the age of AI.

Strategies for effective data deletion

Organizations are crafting policies focused on the elimination of obsolete data as a strategy to mitigate the risks associated with data breaches and to comply with legal mandates. Developing a data deletion policy requires a deep understanding of how data contributes to business operations, its value, and the potential risks it carries if mishandled.

Companies need to assess the relevance of their data continually, determining what to keep and what to discard. This assessment hinges on understanding the lifecycle of data – from creation to deletion. Companies must decide the duration for which data remains relevant and establish protocols for its secure deletion once it no longer serves a purpose.

A solid data retention strategy helps companies respond proactively to the evolving regulatory landscape. As laws and regulations regarding data privacy and protection become more stringent, organizations must ensure their data management practices are compliant. Failure to do so can result in severe financial penalties and damage to reputation.

Why deleting obsolete data is so important 

Deleting obsolete data is more than a technical task; it is a legal obligation. Data protection laws require that organizations retain personal data only for as long as it serves a legitimate purpose. Once that purpose is fulfilled, the data must be securely deleted to prevent unauthorized access or misuse.

Deleting outdated data also has financial benefits. Data storage, especially for large volumes of data, incurs significant costs. Purging obsolete data that no longer serves a business or legal need helps organizations reduce their storage footprint and associated costs.

When databases are cluttered with outdated information, it can lead to slower access times and inefficiencies in data retrieval and analysis. Maintaining a cleaner database helps organizations ensure that their data management systems are more efficient and responsive to their current needs.

How to identify obsolete data

Data mapping involves creating a detailed inventory of the data, specifying the sources from which data originates, the various types of data an organization handles, where the data resides, and the purposes for which the organization processes the data.

Effective data mapping provides a clear visualization of the data within an organization. It delineates the flow of data from its entry point to its storage and eventual use or deletion. Understanding the intricacies of data flow is key for identifying data that no longer serves a valid business or legal purpose and could potentially pose a risk if retained.

Organizations use data mapping to gain insights into the types of personal data they process, including sensitive or special category data. They also use it to track the geographic locations where data processing occurs, and use these insights for compliance with international data protection regulations. 

Informed decision-making

Data mapping contributes to informed decision-making. Providing a comprehensive overview of the data ecosystem allows organizations to assess the value and risk associated with different data sets.

Decision-makers can use the insights from data mapping to weigh the benefits of retaining certain data against the potential risks and costs. They consider factors such as the data’s relevance to current business operations, its importance for future strategic initiatives, and the legal and regulatory requirements for data retention.

Weighing deletion options

One of the most common approaches to deleting obsolete data involves adhering to data retention schedules that define how long different types of data should be kept. These schedules are based on legal requirements, industry standards, and business needs, providing a structured framework for data deletion.

Automated processes can make sure that data is deleted in accordance with established schedules, reducing the likelihood of human error and increasing efficiency. Implementing automated deletion – while initially time-consuming and complex – helps organizations to consistently adhere to their data policies, minimizing the risk of non-compliance and potential data breaches.
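A retention schedule applied automatically to a data-map inventory, as an added example that is not part of the original article. The categories, retention periods, record fields and the choice to start the clock at `purpose_ended` are assumptions made for illustration; records with no schedule entry go to review rather than being deleted.

```python
from datetime import date, timedelta

# Constructed retention schedule: data category -> retention period in days.
RETENTION_DAYS = {
    "support_ticket": 365 * 2,
    "marketing_lead": 365,
    "invoice": 365 * 7,
}

# Constructed data-map inventory: what the data is, where it lives, and when
# its business purpose ended (None = still in active use).
INVENTORY = [
    {"id": "r1", "category": "marketing_lead", "store": "crm", "purpose_ended": date(2022, 1, 10)},
    {"id": "r2", "category": "invoice", "store": "erp", "purpose_ended": date(2020, 6, 1)},
    {"id": "r3", "category": "support_ticket", "store": "helpdesk", "purpose_ended": None},
    {"id": "r4", "category": "chat_export", "store": "s3-archive", "purpose_ended": date(2019, 3, 3)},
    {"id": "r5", "category": "support_ticket", "store": "helpdesk", "purpose_ended": date(2021, 2, 1)},
]

def plan_deletions(inventory, schedule, today):
    """Sort record ids into delete / retain / review according to the schedule."""
    plan = {"delete": [], "retain": [], "review": []}
    for rec in inventory:
        days = schedule.get(rec["category"])
        if days is None:
            # No schedule entry: never delete on a guess, surface the mapping gap.
            plan["review"].append(rec["id"])
        elif rec["purpose_ended"] is None:
            # Purpose still active, so the retention clock has not started.
            plan["retain"].append(rec["id"])
        elif rec["purpose_ended"] + timedelta(days=days) <= today:
            plan["delete"].append(rec["id"])
        else:
            plan["retain"].append(rec["id"])
    return plan

if __name__ == "__main__":
    for action, ids in plan_deletions(INVENTORY, RETENTION_DAYS, date(2024, 3, 22)).items():
        print(action, ids)
```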

When deletion is not feasible or desirable, removing identifying information from datasets can help organizations retain valuable insights without compromising individual privacy. De-identification must be thorough to prevent re-identification, especially given the advanced re-identification techniques available today. 

Anonymization, if done correctly, can offer a way to leverage obsolete data for analysis and decision-making while complying with privacy regulations and minimizing risks associated with data breaches.
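Why removing names alone is not thorough de-identification, as an added example that is not part of the original article. It measures re-identification risk with k-anonymity, a technique the article does not name; the sample records and the choice of quasi-identifiers are constructed.

```python
from collections import Counter

DIRECT = ("name", "email")               # direct identifiers
QUASI = ("zip", "birth_year", "gender")  # quasi-identifiers (assumed for this sample)

# Constructed sample records, not real data.
ROWS = [
    ("A", "94110", 1984, "F"), ("B", "94112", 1987, "F"), ("C", "94117", 1981, "F"),
    ("D", "10027", 1992, "M"), ("E", "10025", 1995, "M"), ("F", "10001", 1999, "M"),
    ("G", "60614", 1950, "F"),
]
RECORDS = [{"name": n, "email": n.lower() + "@example.com", "zip": z,
            "birth_year": y, "gender": g} for n, z, y, g in ROWS]

def strip_direct(records):
    """Naive de-identification: drop only the direct identifiers."""
    return [{k: v for k, v in r.items() if k not in DIRECT} for r in records]

def generalize(records):
    """Coarsen quasi-identifiers: 3-digit ZIP prefix and decade of birth."""
    return [dict(r, zip=r["zip"][:3] + "**", birth_year=r["birth_year"] // 10 * 10)
            for r in records]

def _key(record):
    return tuple(record[q] for q in QUASI)

def k_of(records):
    """Size of the smallest group sharing all quasi-identifier values."""
    return min(Counter(_key(r) for r in records).values())

def suppress_below(records, k):
    """Drop records whose quasi-identifier group is smaller than k."""
    counts = Counter(_key(r) for r in records)
    return [r for r in records if counts[_key(r)] >= k]

if __name__ == "__main__":
    stripped = strip_direct(RECORDS)
    coarse = generalize(stripped)
    released = suppress_below(coarse, 3)
    print("k after dropping names:", k_of(stripped))   # every record still unique
    print("k after generalizing:  ", k_of(coarse))     # one outlier remains unique
    print("k after suppression:   ", k_of(released), "records kept:", len(released))
```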

Organizational collaboration and decision-making

Legal, privacy, security, and business teams must work together to align their objectives and ensure that the strategy comprehensively addresses the company’s needs and regulatory requirements. Each unit brings a unique perspective and expertise, contributing to a holistic approach to data management.

Legal teams provide insight into compliance and regulatory obligations, privacy teams focus on data protection principles, security teams address the technical aspects of safeguarding data, and business units offer a practical perspective on data utility. 

Tim Boesen

March 22, 2024
