Peer to Peer: ILTA's Quarterly Magazine
Issue link: https://epubs.iltanet.org/i/1530716
65 I L T A N E T . O R G personal and sensitive data, classify the data within them, and even determine usage to a certain extent. Regardless of the method used, organizations may want to build a data catalog incrementally to reduce the burden on organizational resources. Organizations can begin with high-risk databases—those most likely to contain significant volumes of sensitive data, such as Social Security numbers or credit card information. Once these are cataloged, organizations can expand to lower-risk systems, gradually building a comprehensive catalog. This approach allows organizations to significantly mitigate risk without overburdening organizational resources. S T E P 2 Identify Data Unnecessary for Legal Reasons A standalone data catalog lays a solid foundation, but organizations must identify what they can dispose of. Organizations can defensibly dispose of data they no longer have a legal obligation to retain. There are two primary reasons for retaining data for legal purposes: Retention Regulations and Legal Holds. • Retention Regulations: Many jurisdictions require organizations to contain personal and sensitive data, the types of data within them, and how they use it. This process often requires significant time and effort from employees. Moreover, it is prone to errors because employees may provide incomplete or inaccurate information about the data and its usage. • Automated Method: Modern software solutions allow organizations to build a data catalog using software solutions efficiently. Leading data discovery software can automatically identify databases with S T E P 1 Build a Comprehensive Data Catalog The cornerstone of effective data disposal is a complete data catalog. A data catalog identifies the databases containing personal and sensitive data, the data types stored within them, and how the organization uses them. Organizations can create a data catalog manually or through automated data discovery solutions: • Manual Method: This involves interviewing employees to identify which databases A GUIDE TO SECURE AND COMPLIANT DATA DISPOSAL Navigating the complexities of data disposal requires a structured and thoughtful approach. Organizations must move beyond ad hoc efforts and adopt a systematic strategy to ensure compliance, reduce risks, and protect sensitive information. Here is a step-by-step guide to getting it right: FEATURES