Symantec's 2012 Information Retention and eDiscovery Survey examined how enterprises manage their ever-growing volumes of electronically stored information (ESI) and prepare for the eventuality of an eDiscovery request. The study found the percentage of organizations without a formal information retention plan dropped by half from the 2011 survey.
2. Methodology
• Survey performed by ReRez
• 500 global organizations
– 4 countries
• United States 200
• Canada 100
• United Kingdom 100
• Germany 100
• Cross-industry
2
3. Key Findings
• Number of companies with no retention policy cut in half
• ESI requests fail a third of the time, with consequences
• No improvement in gap between retention beliefs & practices
• Majority impacted by data privacy laws & regulations
• Inefficient backups still used for archiving & legal holds
4. Number of companies with no retention policy cut in half
• 60% of organizations have a
formal retention plan at various
stages
• Only 34% or organizations report
that their plan is fully operational
– 26% are still at various stages of
implementing
– A third (33%) were only discussing
in 2012; 30% in 2011
– 7% reported no plans in 2012; 14%
in 2011
5. ESI requests fail a third of the time, with consequences
• Requests completely or partially
fail 31% of the time
– Ability to make timely decisions
significantly up from 26% in 2011
• Organizations responded to
requests 17 times in past year
• 44% don’t rate their
preparedness as
somewhat/extremely confident
• 75% say they are less than
‘extremely responsive’
6. No improvement in gap between retention beliefs & practices
• 81% say proper information
retention allows organizations
to delete information
• However, 42% of backups are
indefinitely retained
• Organizations often delete
without considering retention
policies
7. Majority impacted by data privacy laws & regulations
• 53% say laws and/or regulations impact archiving and eDiscovery initiatives
8. Inefficient backups still used for archiving & legal holds
• 38% of data is not
needed/shouldn't be kept in
backup
• But 85% of organizations
routinely perform legal holds in
backups
• 34% of backup data unnecessary
due to litigation risk
• 56% of organizations say backup
storage is used for infinite
retention dedicated to legal hold
9. Recommendations
• Adopt a defensible deletion mindset
• Err on the side of fewer, rather than many, retention policies
• Automate privacy, retention and compliance policies to reduce risk
• Implement a solution in which legal holds can override expiry policies
• Don't use backups for long term retention