Can't Lose What You Don't Have

There's a lot of different types of data leaks that have made the press. Hackers compromising servers, laptops stolen, backup tapes lost. But some of those data losses share one thing in common -- the data was never supposed to have been there to lose in the first place.

Remember the CardSystems Solutions breach back in 2005? It was one of the earlier and worst breaches to kick off the trend in high-profile leaks in recent years. One of the biggest problems with that incident was that they were keeping data they were -- not only by common sense, but also according to their contracts with credit card companies -- supposed to delete.

After all, the best way to make sure you don't accidentally tell a secret is to make sure you never know it in the first place. It's very easy to collect data. Computers are good at that. Getting rid of data, however, is one of the best protections you can have in the case of data you don't need.

Privacy advocates have been arguing the merits of not keeping data unnecessarily for years now, but with all of the sanctions and repercussions for inappropriate disclosure, now sure seems like a good time to review exactly what the business case is for the data your keeping. Besides, think of all the money you can save on storage and backup.

This also applies directly to the new so-called E-discovery rules mandating certain responses in the face of subpoenas for information. If you aren't logging it, or have a policy of not keeping it, you can save yourself a lot of headaches in the court room as well.The "storage is cheap, log everything" mentality Google has might be useful for some types of data, but make sure it's not being applied indiscriminately to all data flowing through your organization.