
Document retention policies lacking in companies says survey

And, the report authors said, the security and data integrity issue - which Kroll calls electronic stored information (ESI) management - is not getting any better.

The problem, Martin Carey, UK managing director with Kroll Ontrack, told Infosecurity, is that companies are simply not aware of their need to retain digital information and documents, especially when a court case involving evidence starts up.

"A sizeable number of companies store their paper records for the required period of time, but our research found that a large number of firms are unaware of their requirements for electronic documents," he said.

"When a legal case starts, there are clear rules, stemming from a change in the court rules in 2005, since when it has become a requirement for a company to keep its electronic documents for an extended period, whilst a court case is in progress," he added.

Kroll's research of 230 UK companies suggests that, whilst a strong majority of UK companies have a (paper) document retention policy, only 41% of firms have an ESI discovery readiness strategy.

This gap, says Kroll Ontrack, highlights a serious risk and a false sense of security that the existence of a document retention policy is adequate to protect organisations when litigation or other events requiring ESI strike.

This, the third annual poll of its type by the computer forensics specialist, found that 14% of UK companies strongly agree their ESI discovery policy or strategy is repeatable and defensible.

However, only 39% of UK firms have a mechanism to preserve potentially relevant data when litigation or a regulatory investigation occurs.

Without an identified means to suspend the expulsion of potentially responsive data, Kroll Ontrack said that many companies are not positioned to execute proper preservation protocol or claim their ESI discovery readiness policy is effective.

"Policies are only effective when they are kept up-to-date to include the tools, devices and communications their organisations are utilising," said Carey.

"Sound planning does not stop with document retention and discovery readiness policies. In today's environment, data security risks must be taken into account and addressed in a company's document retention and ESI discovery readiness policies and strategies."

A copy of the report can be downloaded from Kroll's website...


