Employees in the Dark About Data Retention Policy (betanews.com) 40
An anonymous reader shares a BetaNews article: A new study reveals that over half of office-based employees say their companies don't have written policies on data retention or personal use of work devices, or if they do, they aren't aware of them. The study conducted by Harris Poll for e-discovery company kCura reveals communication habits that could put organizations at risk of incurring increased data retention and discovery costs in today's increasingly litigious business environment. "Complete bans on the personal use of work devices would be difficult -- if not impossible -- to implement, and could be harmful to employee morale. However, companies do need to implement reasonable policies to mitigate risk," the report adds.
Re: (Score:2)
"Fuck Employees"
That sounds great on the surface of things, but in the end it often proves problematic.
Re:Well.... (Score:5, Interesting)
When given 'a stack' to sign, simply write 'didn't read, don't agree' on the signature lines. They _never_ check.
Re: (Score:2)
Re: (Score:2)
My work doesn't even require the employee to sign the workplace policies and procedures form. That wouldn't work. It's thousands of pages. Instead we sign an "awareness of workplace policies and procedures" document that states that the document is available to be reviewed.
It's so long, I expect that it's got mutually contradictory passages all over the place to the point that it's probably close to meaningless when it comes to enforceability.
Re: (Score:3)
I read it. I've never seen a retention policy that had to be signed. Instead I hear about a policy and we're expected to follow it.
Two most common rationales I see:
"we might be sued or audited, so don't permanently delete emails"
versus
"we might be sued or audited, so delete your old emails"
Generally I see that old emails are kept, until IT complains about being low on disk space or the user gets an angry warning about being out of allocated server space.
Re: (Score:2)
My company has so far resisted any attempts for us to get them to create a data retention policy. I think they don't want to admit that there's a time when it's okay to throw things away. So far technology has kept up, so that we've just continued being able to hold on to things forever. I've got to think at some point that'll give, though.
Re: (Score:2)
Generally I see that old emails are kept, until IT complains about being low on disk space or the user gets an angry warning about being out of allocated server space.
I just checked, and the oldest email in my work inbox is almost 17 years old. LOL
Only one company ever cared... (Score:2)
Gate swings both ways (Score:1)
Before I left a horrible place I made sure source code and documentation was all checked into the shared repo and then I wiped everything local; my mail db, drives, unsubscribed from services, reset passwords for everything, y'know the works.
They didn't say boo about it while I was there or even through the exit interview but I found out after through the grapevine that apparently they wanted crap like that around and were in a huff about it, there were no formal policies they just expected people not to gi
Re: (Score:2)
Re: (Score:2)
That's what they do on classified stuff. Nothing enters or leaves the room. No cables to the outside. Only a very select group of people get to take things out of the room. When you're done with the room everything stays there and gets wiped very carefully.
Our retention policies seem to be known by all... (Score:1)
...Except legal, even though they created them they are always asking us to miracle up something that is over a year beyond the limit of our retention policies.
Essentially none (Score:3)
Management's policy process lack's the knowledge and (ugh, sorry) "agility" to adapt what they want to the ever-changing landscape of what and where data is and how it's accessed.
Whatever policy is on paper is likely woefully vague or out of date relative to technology. Much of the time the organization itself is willfully non-compliant as various centers within the company store and access data in various public clouds, social media sites, on personal or hand-held devices, and so on.
Even when everyone kind of has their shit together, the technology industry is subverting "corporate data" by turning themselves into personal technology companies, like Apple and now Microsoft, where they've figured out that if you sell to the individual end users as consumers you can essentially *make* corporations support (and sometimes buy) your product.
Haven't Had that Meeting Yet (Score:5, Interesting)
They probably don't have those policies and procedures written up because they can't end up having that meeting, or at least one that comes up with a solution. Head Honcho wants everything deleted after 6 months because of possible liablities and reveal. Low down managers don't want anything deleted because they are looking to cover their asses in possible liabilities and reveals. IT states they only have enough of a budget to store everything for one year. Workers point out that many of their projects last longer than one year and even go multiple years and they'll need all that information well past those timelines just to get the job done and support it. Legal is going to pop up and explain that things can be deleted after 6 months, except for these three corner cases they know about where they are legally obligated to hold information for up to ten years to forever, and there might be more such cases, and dependancies due to contracts. By the end of several hours, they have several conflicting policies demanded by different parts of management and half a dozen problems that need to be looked at with legal and economic issues as to why they can or can't adhere to any policy. Eventually, the day long meeting ends with another, similar meeting scheduled in another few months.
Ignoring data retention is good for the lawyers... (Score:3)
Re: (Score:1)
Nothing digital ever dies. As Clinton found out when using Bleachbit. Of course, she was lauded and not prosecuted. Anyone else would be given thumb screws doing what she did.
Doesn't matter. Even if they don't find a smoking gun they will find something else. The engineer from BP found that out by getting accused of obstruction for deleting text messages. Which nearly everyone does anyway on a routine basis. But it looked bad at that moment in time.
Delete, don't delete, they will hang you for it anyw
Policy Doesn't Matter (Score:2)
If you put your data on their device, they can copy it at any time. At that point, it's a question of trusting not only the company policy but also the staff with privileged access---most of whom you will never meet or even know by name.
A lot of places are doing HTTPS decryption and packet inspection at the perimeter, so even "secure" or "private" connections on these devices are not trustworthy. Any privacy you have is either an illusion or a convenience at best.
The bottom line: If you're not OK with it be
Re: (Score:2)
The old rule used to be get as much personal use of company devices as possible, the new rule is, leave them at work. The personal freedom you lose is not longer worth the perceived saving. That company phone is no longer a personal asset but a leash and collar used to control and monitor you. If they demand you carry it at all times, simply call forward to a personal device which they do not control.
Pizza (Score:1)
This is why I've been clicking on multiple pizza links and coupons on their device, just to make sure those people inspecting the data can feel the excitement before lunch. I do wonder if this is what made the pizza delivery boy coming in almost every lunch hour.
The only week it stopped is when I clicked on some links about sausage factories and rats eating rotten meat.
Policy is not equal to Action (Score:1)
Most of the people who go on about policies have no idea what actual data retention is, or how backups work, or which "critical files" and logs are maintained.
Or are lawyers, so they just lie to you anyway.
Now We Have Phones! (Score:2)
These days, any cutting down on personal use of computers or phones just means employees will spend more time on their personal cell phones. Telling them they can't use cell phones will just typically be ignored or result in them using their work computers against policy. Either way, it's just going to cause headaches for the managers because they aren't going to use either against an employee unless they want them fired and need a policy to present as a clear cut reason, which hits morale of all the other