Keep what we need and delete the rest
A study by CGOC (Compliance and Governance Oversight Council) some years ago found that in average, 25% of information has business value, 5% is subject to regulatory record keeping requirements, 2% is subject to legal hold, and 68% is redundant, obsolete, or trivial (ROT). Many companies store information forever in Microsoft 365 (unless users manually delete files) and this has the following implications:
- Increased storage cost – could be millions for large customers
- Increased compliance risks – not GDPR compliant due to over-storage of privacy data
- Increased e-discovery costs – large amounts of ROT need to be analysed
- Increased attack surface – data breach may expose private, personal, and sensitive data
- Less effective digital workplace – users drown in ROT when trying to find information
- GenAI relaying wrong/outdated information – garbage in/garbage out
With the growing volume, variety, and velocity of digital information, risks will continue to increase. The benefits of a change to keep what you need, delete the rest mindset is many:
- Free up storage
- Reduce storage cost
- Reduce e-discovery costs
- Reduce compliance risks
- Reduce cyber security risks
- More efficient digital workplace
- Ensure Copilot relies on quality information
As example, the energy company Shell is currently automatically deleting 1bn files and emails per year following the below recommendations.
Keep what we need: Records labels in SharePoint
Records are defined as, “Information created, received and maintained as evidence and information by an organization or person, in pursuance of legal obligations or in the transaction of business” (ISO 15489). A simpler definition of records is information of value (often around 30% of information) that needs to be retained according to business and regulatory requirements.
The records must be managed to ensure its integrity, authenticity, reliability, and availability. This can only be done in shared workspaces like Teams channels, SharePoint sites, and shared mailboxes since privacy regulations limit company access to personal workspaces like user email and OneDrive for Business. Records must therefore be moved or created in only shared workspaces like SharePoint.
What documents and emails should be declared as records:
- Documentation of a business decision or recommendation
- Information that helps to ensure business continuity and learning
- Files that are required by law to be retained
- If in doubt, then make it a record!
It is better to have a problem of over-declaration of records than under-declaration (missing information of value).
Before we can delete what we do not need, we need to identify what we need to keep according to business and regulatory requirements. This is then implemented as retention/record labels in SharePoint. This can be manually applied by users, automatically based on storage location (e.g. final folder), or automatically based on content (e.g. SITs and Trainable Classifiers).
Microsoft Purview Records Management design
Companies have three options for retaining files in SharePoint.
Records/documents must be managed to ensure availability, authenticity, integrity and reliability (ISO15489), and we wish to specify what is the acceptable storage locations for records/documentation in Microsoft 365:
In addition to all of the information mentioned above, we need a way to apply record labels to the files.
Non-Record deletion
Records is information of business and regulatory value that needs to be retained, while non-records are redundant, obsolete, and trivial information (often around 70% of information) that can be deleted. Work-in-progress information will either become a record or ROT (non-record).
OneDrive for Business and user emails is considered personal workspaces and should therefore not hold information with important business or regulatory value.
Recommendations:
Every area is further elaborated with pros, cons and mitigating actions in the tables below.
Chat (groups, one-on-one chats in Teams and Copilot):
User Emails:
OneDrive for Business:
Files non-records (SharePoint):
Meeting recordings (and other video files):
Summary
The volume of data within an organization isn’t a linear growth, but rather an exponential growth and adopting the suggested solutions will bring several benefits to combat the effects of this. It will ensure that one stays compliant with local laws and regulations, while also reducing compliance and security risks. Cleaning up ROT will free up storage space, causing a reduction in storage costs, while also ensuring that the information that is available to the employee is updated and relevant, causing the employee to trust the information found and increasing the quality of work. In addition, the work of deleting ROT will improve the quality of Copilot responses while also improving the quality of search results.
Need Help?
Take control of your information today. At Infotechtion, we help organizations to “keep what you need and delete the rest”. Whether you need expert advice, custom solutions, or guidance through information management challenges, we’re here to help. Contact us contact@infotechtion.com, to speak to one of our experts. Don’t let unnecessary clutter slow you down—contact us today!
