I’m really stuck on this. My conclusion is that it’s unjustifiable.
All those things that you thought of when you read the heading – and that I thought of – I can’t tell you how much they’re going to cost the organisation, and when.
In most cases, no one can.
Most organisations can’t even make educated guesses.
And I feel like we’re wasting our time trying to jusify them unless we’re dealing with something that is truly carcinogenic for our organisations, or something like a consumer data right where we MUST destroy or face penalties which are certain and large.
I feel like this is the same as security – the only time we’ll be able to get senior people to pay attention to destruction is right after an incident – the type that means our organisations have had to pay the bill for an e-discovery firm to come in and sift through everything.
And at that point, the cost benefit is likely going to fall flat because nothing other than a GDPR type fine makes the cost worth the gain.
I also have a problem with justifying destruction from a prioritisation point of view. I think the real problem with fixating on destruction, is that it costs time that could be spent on things that people really care about.
Process workers want the information they need presented to them when they need it.
Executives want information to feed their decision making processes so they can make evidence based decisions.
Customers want to be able to get records about what they’ve done with you without having to talk to a person.
And every minute and every dollar we spend on destruction is a minute and a dollar we can’t spend helping people get things done that are important to them.
Destruction is only important to us.
So I’m stuck.
How do we move forward with destruction practices?
Information Governance 