Throughout our blog, we’ve provided a substantial amount of content about how to prepare for and implement an information governance initiative within your organization. Most of that advice is geared toward managing information that your governance team knows about. As is often the case, putting a plan in place to manage information that you don’t know about (often referred to as “dark data”) can be much more challenging.
By definition, dark data is information that is not being tracked through any information management process. It is often the by-product of typical information worker activities and it can frequently be found on individual user hard drives, cloud-based storage platforms or removable media such as a USB or DVD.
Here’s a real-life example of how easily dark data can accumulate:
Before embarking on a client visit, a sales manager extracts a list of customer purchase information from a corporate database and imports it into Excel so she can prepare for her meeting while in transit. After the road trip is completed, the spreadsheet is left behind in her ‘My Documents’ folder and (often) forgotten.
Imagine a scenario like this spread across several sales reps, project managers, etc. and it’s clear that almost every organization will have some dark data. This situation can pose many problems, here are just a few ways dark data can become a risk factor:
- Litigation Risk – If your organization is prone to litigation, dark data can be the repository of ‘discoverable’ information that has escaped any defensible disposition process. This type of rogue data can extend the scope of your eDiscovery data collection effort and greatly increase the overall cost of the process.
- Data Leakage Risk – High profile data breeches have become an increasingly common occurrence. If the sales manager mentioned in our example had her device lost or stolen, any corporate information contained therein is at risk of being leaked.
- Opportunity Risk – One of the unfortunate side effects of dark data is there can be a lot of potentially valuable information sequestered within it. Finding a way to effectively locate intellectual property hidden within dark data and share it with others can provide a significant benefit to your organization.
Mitigating dark data isn’t an easy proposition. Certainly implementing an encryption standard for data being used by your mobile workforce can minimize the data leakage risk. Addressing the litigation or opportunity risks will most likely involve deploying monitoring software that can help you identify and/or dispose of data that is outside of its useful life cycle.
Sherpa’s Altitude IG platform offers two features that can help mitigate some of the risk. Altitude’s Reporting and Analytics module provides insight into the age of information contained in network file shares or individual hard drives:
Metrics like these can provide an early warning that old information is being retained. Armed with these metrics administrators can use the Altitude Policy module to craft defensible disposition policies to either delete specific information or relocate it to a quarantine area for a more detailed examination. To learn more about how Altitude IG can help you identify and manage dark data, contact us for a demonstration.