The amount of data stored by organizations is growing exponentially, nearly doubling in size between 2020 and 2022, according to a report from Seagate and IDC. While this data can be used to drive better business decisions, it also comes with increased risk factors. Thankfully, the notion that over-retaining data is somehow a conservative approach to data management that will minimize potential risks is beginning to fall out of style, as corporations amble down the path of data minimization. This blog will explore what’s at stake for organizations that continue to take a laissez-faire approach to ROT data.
Defining ROT
First, let’s define ROT. ROT stands for Redundant, Obsolete, and Trivial: three types of data an organization does not need to retain.
Redundant data refers to multiple copies of the same data across an organization and is one of the primary causes of exponential data growth.
Obsolete data is data that no longer serves a purpose, either because it is no longer accurate; is representative of a legacy organization, project, or product; or has long outlived data retention requirements.
Trivial data is purposeless data, untouched and merely taking up space on servers (for instance, the byproduct of daily tasks never to be revisited).
Three Major Risks ROT Data Poses to Companies
1. Wasted Storage Costs
Perhaps the most obvious risk posed by ROT data is the cost associated with wasted storage space and lagging system performance. Whether your organization’s data is stored on your own servers behind your firewall or in a cloud environment, there is an associated cost, whether it is maintaining and protecting your hardware, or paying per GB for cloud hosting. A study by Veritas tells us that 33% of an organization’s unstructured data could be ROT, meaning organizations that have not conducted a proper data cleanup could be spending up to double what is necessary on data storage. We also know that excess data can slow down processing speeds. Failing to properly manage ROT data also comes with the opportunity costs of diminished productivity due to lag time and lower employee satisfaction.
2. Regulatory Risks
ROT and dark data expose an organization to regulatory risks, especially in the data privacy arena. Benchmarking tells us that 75% of over-retained data contains personally identifiable information (“PII”). Management of PII is governed by data privacy regulations like the GDPR in the EU or the bevy of state laws cropping up in the US. While at first glance data privacy regulation may seem localized, these laws are structured in a way that impacts any company doing business in or interacting with residents of these jurisdictions. An organization that fails to comply with data privacy regulations is at risk of lawsuits or regulatory fines that can add up to millions of dollars.
3. Cybersecurity Risks
A data breach is no longer a question of “if” for most organizations, but rather one of “when”. For many organizations, ROT data continues to be the unlocked backdoor through which intruders can gain entry. This risk manifests because ROT data is often stored outside of secure file systems, on endpoints like USB drives or personal devices, which makes it inherently less protected from breach. Depending on the size of your organization, remediating a data breach can cost hundreds of millions of dollars.
The Good News: It’s Not Too Late to be Proactive
The good news is that storage, regulatory, and cyber risks caused by ROT data can all be mitigated by investing time and resources in cleaning it up proactively, rather than waiting until you’re faced with millions in costs from unmitigated risks.
In the following post, we’ll explore how to approach a ROT clean-up exercise from a practical standpoint, including technology products (like Rational Governance) and techniques you can apply to not only manage your current ROT data, but proactively guard against future ROT buildup.