Your old data could be very costly. Even if it’s outdated and worthless. Why? Because the more data that hackers can steal, the greater your liability in a cyberattack.
You can minimize your risk by minimizing your data. It’s that simple. But first you need an up-to-date data retention policy. And it must be strictly enforced.
Many organizations retain years — even decades — of data. Sometimes the retention is warranted (perhaps to calculate and verify employee pensions). In most cases, it’s not.
It’s just that no one has bothered to delete the old data. It is out of sight, out of mind … and a huge potential problem.
But stolen records cost money to remediate. Big money. Money that can range from an average of $166 in education to $408 per record in the health industry.
Take the case of a school system that averages 1,000 new students per year and has saved 30 years of student records. That’s 30,000 records, which could cost close to $5 million to remediate in case of a breach.
If the school had only enforced its data retention policy and saved 16 years of records, the cost of remediation would have dropped to just under $2.7 million — a savings of roughly $2.3 million.
And that’s in education. Imagine the same scenario in a hospital setting. While old data may not seem like a high priority, from a dollars-and-cents perspective, it’s a clear business issue.
What kind of data should your data retention policy cover? Anything a hacker could use to exploit your organization. This includes:
If you do not have a data retention policy in place — or are not certain it is strictly enforced — we strongly recommend you address the situation as soon as possible.
Save yourself the risk, the costs and the headaches. Delete that data now.
Share this page