“Burn after reading” typically applies to top-secret messages delivered to espionage agents preparing for clandestine operations. When the fate of the world is at stake, it makes sense that you can’t let information fall into the wrong hands, that absolutely nothing can be left to chance.
In today’s highly regulated world, corporations are also under increasing pressure not to let private and confidential information fall into the wrong hands. That is why share-and-delete capabilities, such as those that delete smartphone snapshots after they are shared with friends, may sound very tempting. What if you could share secret or confidential information and, once it’s viewed, it disappears?
There are just two problems with this idea. First, in many cases, especially in corporate environments, wholesale deletion is inappropriate and increases risk. Second, even when deletion is appropriate, it may not actually work! But there may be a better way. What about “share-and-protect” based on encryption keys?
Companies Have Compelling Reasons to Delete
The economic argument for deleting data is very strong. According to the Gartner IT Key Metrics Data 2012 report, the total cost of storing and managing one petabyte of information is nearly $5 million per year, which means that a large enterprise saddled with 10 petabytes of data is spending about $50 million per year. Meanwhile, research conducted by the Compliance, Governance and Oversight Council (CGOC) suggests that typically only 1 percent of corporate information is on litigation hold, 5 percent is in a records retention category and 25 percent has current business value. This means that as much as 69 percent of all the data collected by an organization today has no business, legal or regulatory value at all. This in turn means that an enterprise with 10 petabytes of data is spending millions of dollars each year to store “data debris” that could be deleted.
In addition to this persuasive logic, the benefits of deleting data include:
- Compliance with the increasing number of regulations worldwide that require the disposal of private information.
- Decreased cost and risk by reducing the amount of information that needs to be funneled into the very expensive legal review process in the event of an e-discovery request.
- Increased productivity on the part of business users who are better able to find the information they need on proliferating data shares and in immense email repositories.
Share-and-Delete: Likely Ineffective and Probably Inappropriate
So with all these reasons to delete information, it may be very tempting to imagine a platform that makes it possible to automatically delete data that’s been shared, whether it’s internal or external sharing, and whether it’s a sensitive email from a corporate officer or an email attachment that’s a copy of existing data.
Imagining such a platform, however, immediately raises the question of whether anything that gets onto the Internet can ever be taken off. In the age of distributed networks, cloud computing, automatic replication and disaster recovery technology, can any organization be sure that the information it thinks it is deleting hasn’t survived in multiple locations around the world?
Consider the curious case of the Enron email dataset, which for years has been made available for download to help researchers test and improve email tools. In response to the recent announcement of a significant amount of personally identifiable information (PII) in the dataset, Amazon Web Services opted to take down the dataset. It’s a great gesture, but this does not mean that this information is suddenly “protected.” In fact, it’s sitting on the servers (and back-up servers and cloud service provider servers) of all the companies that have downloaded it over the years. This is how information works today. It spreads.
And even if the technology existed, if every bit of information contained its own self-destruct sequence, wholesale deletion would likely still be inappropriate in many cases. Information shared internally by corporate officers across an organization—often outside the firewall—creates a knowledge base that business users often prize. Externally shared communications often become part of the recipient’s knowledge base or serve to document business transactions and processes. The idea that CEOs would habitually “share-and-delete” sensitive information would send the wrong message—what are they trying to hide? It would also severely disrupt the normal flow of commerce when required information suddenly disappeared.
A Share-and-Protect Strategy Just Might Work
A share-and-protect strategy based on encryption offers far more interesting possibilities. Let’s consider an e-discovery collection that has been forwarded to outside counsel for review and then, in part, produced for opposing counsel. What happens to the data sitting on the servers belonging to the outside counsel? What happens to the data that has been given to opposing counsel after the litigation has been resolved? Currently, the protection of that data depends on trusting the other parties to keep it secure.
But what if the data were shared only in an encrypted form, and outside counsel and opposing counsel were given keys that were revocable or that expired after a specific time period? In such a scheme, the data would always remain encrypted, no matter where it was physically stored, on the recipient’s server or in the cloud. In the event the key expired before the litigation was resolved, opposing counsel could simply get an updated key. Encryption key technology focuses on securing the data, not just the hardware or location: if a file or drive ever gets into the wrong hands, or if the physical server in a cloud environment is ever hacked, the encrypted information remains completely protected. Even in the case of rogue attorneys who have been given the encryption key but decide to abuse their access, the encryption key could be revoked. Although implementing such a platform requires far more thought than we can go into in this article, the underlying technology already exists. Encryption key technology is readily available, and there are companies that offer solutions for small and medium businesses.
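The scheme described above, sketched as an added example (not code from this article or from any product): a hypothetical `KeyService` keeps each document's key and gives recipients only time-limited, revocable grants, which can also be renewed. It assumes recipients read through the service instead of holding the raw key, and it uses an HMAC-SHA256 construction as a standard-library stand-in for a real AEAD cipher such as AES-GCM; all names are illustrative.

```python
import hashlib, hmac, secrets

def keystream(key, nonce, n):
    # Stand-in cipher: HMAC-SHA256 in counter mode. Use a vetted AEAD (e.g. AES-GCM) in practice.
    blocks = (hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def subkeys(key):
    # Separate encryption and MAC keys derived from the per-document key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def seal(key, plaintext):
    ek, mk = subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, keystream(ek, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mk, nonce + ct, hashlib.sha256).digest()

def open_(key, blob):
    ek, mk = subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mk, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("ciphertext failed authentication")
    return bytes(a ^ b for a, b in zip(ct, keystream(ek, nonce, len(ct))))

class KeyService:
    """Hypothetical key service: keys stay here, recipients hold only grants."""
    def __init__(self):
        self.keys = {}    # doc_id -> per-document key
        self.grants = {}  # (doc_id, recipient) -> expiry, epoch seconds

    def protect(self, doc_id, plaintext):
        self.keys[doc_id] = secrets.token_bytes(32)
        return seal(self.keys[doc_id], plaintext)  # ciphertext can be stored anywhere

    def grant(self, doc_id, recipient, expires_at):
        self.grants[(doc_id, recipient)] = expires_at  # calling again renews the grant

    def revoke(self, doc_id, recipient):
        self.grants.pop((doc_id, recipient), None)

    def read(self, doc_id, recipient, blob, now):
        expiry = self.grants.get((doc_id, recipient))
        if expiry is None:
            raise PermissionError("no grant, or grant revoked")
        if now >= expiry:
            raise PermissionError("grant expired")
        return open_(self.keys[doc_id], blob)
```

Revocation and expiry stop future reads only; plaintext a recipient has already obtained is outside the service's control.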
Whatever the Technology, It Must Fit Into an Information Life Cycle Governance Program
Whatever technology solution turns out to be the best for protecting shared data, it must be incorporated into an organization’s overall information life cycle governance (ILG) program. ILG programs are designed to align the needs of all information stakeholders—legal, compliance, privacy and security, business and IT—for the purpose of determining the value of information—for whom and for how long—and enabling IT to automatically dispose of information that has lost its value. Organizations that have implemented an ILG program are increasingly able to defensibly dispose of data debris, thereby reducing their cost and risk.
Under the umbrella of an ILG program, it is not at all hard to imagine incorporating strategies to identify information that needs to be encrypted and under what circumstances the encryption key should be shared, revoked or allowed to expire.
“Burn after reading” is likely not the best way to protect information in a corporate setting, but in determining the right approach for your organization, there is no “one-size-fits-all” solution. Only through an ILG program can you be sure you’re adopting an approach that meets the needs of all information stakeholders.