I attended a conference this week at which a speaker said, “In today’s complex regulatory landscape, every scrap of information is important—save it all.” This sounds vaguely familiar to words spoken by IT teams (and sometimes their counsel) who are worried about electronic discovery: Since we have to preserve evidence in case of litigation, we better be on the safe side and never get rid of anything.
First of all, there’s no need to save information that isn’t germane to your business or doesn’t have a specific regulatory mandate. Auditors don’t expect it, regulators don’t expect it, and neither do judges. So, whether it’s log data, electronic mail, or documents in a content management repository, take a hard look at what you're keeping. If the business isn’t asking for it, chances are it should be on a tighter retention schedule.
Second, I’ve heard the mantra “storage is cheap,” but looking at some enterprise’s bills, I’m not convinced. Furthermore, there’s a growing market of storage management solutions whose goal is to drive up storage utilization and minimize hardware costs. Data de-duplication projects are popular with executives—no sense having 1,000 identical copies of that 2MB e-mail attachment—so why exacerbate the problem by trying to keep the wrong stuff in the first place?
Third, we all have skeletons in the closet. There’s no reason to air them unnecessarily. I’m not saying that if you consciously violate service-level-agreement terms you should destroy the logs that prove it; or that if you have evidence of wrongdoing at your company you should cover it up. But once a contract is complete, it’s unlikely you need to retain it long-term. And you certainly don’t need to keep sensitive metadata—like document comments describing negotiation tactics or alternative pricing.
So, rather than “log everything,” repeat after me: “Don’t oversave.”