By Martin T. Tully and Nick B. Snavely, Redgrave LLP, with Practical Law Litigation

An Article explaining the risks and costs of an organization needlessly retaining personally identifiable information and digital records that have outlived their utility or business value and are digital debris.  This Article identifies data minimization mandates, describes the risks organizations face when overretaining personal or useless data, and explains how they may defensibly dispose of it.

Retaining personal data and other types of digital records that have outlived their utility or business value can present significant costs and risks to an organization. Counsel should take stock of the volume of useless data their organizational clients are needlessly storing and devise ways to dispose of it responsibly.In particular, counsel should:

  • Create a list of the various types of data and records the organization is storing, and derive from that a list of what it is unnecessarily storing.
  • Establish a system for defensibly disposing of data the organization no longer reasonably needs.
  • Implement a process for reducing the amount of digital debris unnecessarily retained in the future and periodically updating that process.
  • Regularly review federal and state-specific regulations for changes to disclosure and collection requirements (among others) that affect how companies retain personal information.

A complete version of this article can be found on the Practical Law website here.  Please note, access is subscription based.