Companies are holding on to data too long

Companies are holding on to data too long

Firms need to destroy out-of-date information to comply with regulations

Seven out of 10 organisations do not have the mechanisms in place to destroy records that have passed their regulatory expiry date, according to new research.

Failure to control data archiving schedules demonstrates weak IT governance and lays an organisation open to prosecution or fines, says the survey of the 343 organisations exhibiting at Storage Expo 2007.

Data requires continued investment to support its existence while increasing potential for misuse and investigation, says the report.

And without removal, regulatory-expired data will foul up storage facilities for an organisation.

Companies are subjected to increasing amounts of regulations that require enforcement through the preservation or destruction of records after a certain date, said Freeform Dynamics service director Jon Collins.

“It can be a minefield to pick through, and it is unsurprising that many organisations find themselves lacking,” he said.

The Markets in Financial Instruments Directive (MiFID) regulation which comes into force on 1 November introduces a new requirement for record keeping, in which a financial institution is accountable for storing and retrieving structured and unstructured data in the context in which it was created.

This moves the EU towards a world where the financial institution is guilty until it can prove its innocence, said PJ Di Giammarino, chief executive of European regulatory think-tank JWG-IT.

“The customer can, and will be, encouraged to take the bank to task and prove that they are executing its business both effectively and efficiently across long periods of time - up to the lifetime of the client relationship,” said Giammarino.