Data retention: Difference between revisions

No edit summary
Tags: Mobile edit Mobile web edit
 
(One intermediate revision by the same user not shown)
Line 1: Line 1:
{{a|technology|}}Scarcely a day goes by where a well-meaning [[information technology professional]] inveigles to a Luddite [[lawyer]] on the subject of [[data retention]], specifically its risks and costs. Their favourite routines are:
{{a|Technology|}}Scarcely a day goes by where a well-meaning [[information technology professional]] inveigles to a Luddite [[lawyer]] on the subject of [[data retention]], specifically its risks and costs. Their favourite routines are:
*Data retention is ''expensive''.
*Data retention is ''expensive''.
*Data retention is ''risky''.
*Data retention is ''risky''.
Line 21: Line 21:


====Liability====
====Liability====
I am not sure what the risk of keeping business records is (except to the extent it reveals employee misbehaviour which leads to contractual, reputational or regulatory loss – but even in that case what is the sense in adopting a “hear no evil, see no evil speak no evil” approach? Shouldn’t we, as risk prudent risk controllers and compliance managers, want to ''keep'' evidence of misbehaviour?).
I am not sure what the risk of keeping business records is, except where it reveals employee misbehaviour or (more likely) incompetence, which leads to contractual, reputational or regulatory loss. But even then, what is the sense in a “hear no evil, see no evil speak no evil” approach? Shouldn’t we, as risk prudent risk controllers, want to ''keep'' evidence of misbehaviour?


In any case, this is undoubtedly a [[tail risk]]: if the risk doesn't materialize in seven years, what are the odds it will come back to bite later on. They're there, for sure - but low.  
In any case, this is undoubtedly a [[tail risk]]: if the risk doesn't materialize in seven years, what are the odds it will come back to bite later on. They’re there, for sure - but low.  


And let’s be clear here: a pristine email record is not a risk ''in itself'', but just ''evidence'' of it.  The ''actual'' risk is of employee misconduct. If (as seems to be the case) we assume that employees will misbehave, won’t systematic destruction of our internal record of their misbehaviour only encourage misbehaviour? How will it help root this behaviour out?  
And let’s be clear here: a pristine email record is not a risk ''in itself'', but just ''evidence'' of it.  The ''actual'' risk is of employee misconduct ''in writing the email''. If (as seems to be the case) we assume that employees will misbehave out of all proportion with the competent discharge of their duties, won’t ''systematic destruction of the internal record of their misbehaviour at the first opportunity'' only ''encourage'' their misbehaviour? How will it help root this behaviour out?  


On the other hand, the benefit of being able to mine “good” information is immediate, direct and obvious, and accrues as soon as we put the ability to search the database in employee’s hands. For every one incriminating email, there are hundreds of thousands containing valuable information about how this firm has dealt with novel situations in the past. Who wouldn't want access to that?
On the other hand, the benefit of being able to mine “good” information — and for that matter find and act to mitigate bad information — is immediate, direct and obvious, and accrues as soon as we put the ability to search the database in employee’s hands. For every one incriminating email, there are hundreds of thousands containing valuable information about how this firm has dealt with novel situations in the past. Who wouldn't want access to that?




{{c|Technology}}
{{c|Technology}}
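Review bot: The rewritten first paragraph under Liability still carries two slips from the old text: "risk prudent risk controllers" doubles "risk", and "hear no evil, see no evil speak no evil" lacks the comma after the second "evil". Since that paragraph is being reworded anyway, fix both in this revision. The tail-risk sentence only has its apostrophe changed, so "what are the odds it will come back to bite later on." still ends a question with a full stop. In the last paragraph, "employee’s hands" should be the plural possessive "employees’ hands", and "wouldn't" keeps a straight apostrophe while "They’re" was converted to a curly one, which leaves the page inconsistent.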