Professional Documents
Culture Documents
One approach to solving this problem is through data minimization, which is sometimes referred to
as defensible deletion. At its core, data minimization represents a comprehensive strategy to reduce
the amount of data an organization holds, therefore lowering storage costs and minimizing legal
risks associated with the preservation of electronically stored information (ESI). In recent years, the
advent of new privacy laws have brought customer data into the spotlight, as these regulations have
granted unprecedented consumer rights for access to their personal data.
TABLE OF CONTENTS
Why is Data Minimization Important? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . pg. 3
2 Smart Data Retention Practices to Limit New Data Privacy Risks © 2020 Exterro, Inc.
WHY IS DATA
MINIMIZATION
IMPORTANT?
Upfront, it is cheap to store data. However, when the
organization is involved in litigation or, worse yet, a
regulatory agency investigation, all of that ESI is now
subject to attorney review for responsive documents—an
expensive proposition.
3 Smart Data Retention Practices to Limit New Data Privacy Risks © 2020 Exterro, Inc.
60 DAYS TO
DEFENSIBLE DATA
MINIMIZATION
Failure to identify, address, and minimize risks related to
data minimization will be the driver of fines, oversight
burdens, litigation and settlement expenses. This makes
the processes of developing an effective minimization
process even more critical. The basic steps breakdown
as follows:
1
DEVELOP & MAINTAIN A COMPREHENSIVE DATA INVENTORY
IDENTIFY WHAT PERSONAL DATA EXISTS, MEDIA TYPES USED, PROCESSING
ACTIVITIES, DATA SUBJECTS, STORAGE LOCATIONS, AND RETENTION OBLIGATIONS.
2
LEVERAGE PROVEN RETENTION & DISPOSAL STANDARDS
ADOPT RETENTION STANDARDS THAT ARE INDUSTRY-SPECIFIC AND PROCESSES
THAT ARE EFFECTIVE AND DEFENSIBLE.
3
COMMUNICATE PROGRAM EXPECTATIONS
AUTOMATE THE PROCESS OF DISTRIBUTING, TRACKING, AND ASSESSING EMPLOYEE
COMPLIANCE LEVELS WITH VERIFIED AND TRACKED RESPONSES.
4
DISPOSE OF OVER-RETAINED DATA
APPROPRIATELY DELETE VAST AMOUNTS OF UNNECESSARY AND
REDUNDANTLY-RETAINED DATA ACROSS ALL MEDIA TYPES AND STORAGE
LOCATIONS INCLUDING EMAIL, UNSTRUCTURED SHARED DRIVES, AND PAPER.
5
ESTABLISH ONGOING CONTROLS
LEVERAGE PROVEN EXPERIENCE, STANDARDS, AND TECHNOLOGY TO STREAMLINE
YOUR DATA MINIMIZATION AND RETENTION EFFORTS TO ENSURE DEFENSIBILITY.
4 Smart Data Retention Practices to Limit New Data Privacy Risks © 2020 Exterro, Inc.
3-PHASE
APPROACH FOR
Applying data minimization principles in practice
requires a three-phase approach: conducting a
5 Smart Data Retention Practices to Limit New Data Privacy Risks © 2020 Exterro, Inc.
BEST PRACTICES FOR Implementing a data minimization strategy means
the process will be ongoing and organizations
6 Smart Data Retention Practices to Limit New Data Privacy Risks © 2020 Exterro, Inc.
A DATA
MINIMIZATION
CASE STUDY
The Client
A $15 billion distributor with 20,000 employees in more than
1,000 locations nationwide. The company serves customers in
all 50 states and locations around the world.
The Challenge
The CISO’s challenge was twofold: cut down 53 TB of steadily
growing data, and understand the relationship between their
data and the data owners. At the same time, the GC desired the
implementation of a data minimization policy to reduce litigation
and cybersecurity risks. One of the greatest challenges the CISO SEE E X TERRO
and GC faced was knowing where to begin.
The Solution
DATA MINIMIZATION
Technology and tightly-structured processes with ongoing
controls to meet obligations and reduce risks. Exterro provided
IN AC TION
deletion strategies for all media types, including email,
unstructured data, and paper records to defensibly delete Manually performing these minimization
unnecessary records and information. We also provided all the processes can be labor-intensive.
necessary documentation to memorialize the data minimization
logic and initial cleanup efforts. But with a combination of structured
processes and technology, risks and costs
ROI
After implementing the data minimization policy, the strategies can both be reduced. The world's most
significantly reduced volumes of data across the organization. trusted and defensible data retention and
• File Share: Eliminated 20 TB of the file share data
disposal software solution for meeting
immediately. The cost avoidance of containing the growth in GDPR and CCPA regulatory obligations is
their file share environment is $60,000 annually. Exterro’s Data Minimization platform.
• Email: Applying an email policy and auto-delete resulted in
email storage volume decreasing 4% annually. Originally, the
volume growth was increasing at 8% annually. LEARN MORE
WITH AN EXCLUSIVE
• Paper: By applying retention rules to offsite paper, they
immediately reduced off-site storage by 50%.
FREE DEMO
• Backup Procedures: Reduced tape archive from 30,000
tapes to zero, and reduced backup retention from 90 days to
28 days. As a result, 300 TB of savings eliminated the need
to acquire additional backup storage. The annualized cost
reduction from these changes is $1.2 million.
7 Smart Data Retention Practices to Limit New Data Privacy Risks © 2020 Exterro, Inc.