Like it or not, you are protecting every document that you have on your server, in your cloud, in everyone’s email and on most people’s phones and mobile devices. Doesn’t it just make sense to get rid of the stuff you don’t need?
Consider a worst case scenario: Through one of the many thousands of attack vectors out there in the wild, your company suffers a security breach and documents are acquired by nefarious evil doers. The documents are spread around and personal information that had been trusted to your company becomes public information. Depending on what that personal information is , and perhaps where you or those people live, your company is going to start spending money. You may have to pay for damages, you may have to mitigate potential threats and you may have to pay for ongoing protection to some people for several years. Did I say worst case? This is where I hate that there is no way to conjugate ‘worst’ – I wish I could say ‘worser’ or ‘worstest’, because there is something worse than that scenario. What if that the information that was stolen was something that you no longer even needed?
…by reducing the sheer number of records, you can reduce your exposure to loss just might get people’s attention. Getting people talking about records retention and records destruction is a step in the right direction under any set of circumstances. Getting the requirement for a records retention policy bundled into your company’s security policy – that just might be priceless.
The above is by Daniel Antion in his AIIM blog athttp://www.aiim.org/community/blogs/expert/Records-Retention-for-Securitye28099s-Sake#sthash.TQ5ltHcg.dpuf