Saving Money and Mitigating Risk through Defensible Data Disposition Planning

By Dan Meyers

The volume of data that businesses generate today is unprecedented. By 2006 global email traffic alone had reached an estimated 183 billion messages a day, and since then it has continued to grow at a rate of approximately 30% annually. Indeed, a single global corporation has reported that its employees create around 5.2 million emails every day.

This onset of the big data era has resulted in a “perfect storm” for modern companies—litigation costs have skyrocketed, storage concerns are omnipresent, and exposure to privacy and cybersecurity threats has never been higher. Yet, despite these concerns, most businesses approach data with the same “save everything” mentality from yesteryear—even though 70% of the data stored is not actually used for operations and is subject to no legal or regulatory retention obligation.

Exploding Costs of Litigation and Investigations
The volume of data that a company stores is directly proportional to its legal costs. The median cost of collecting, processing, and reviewing a single gigabyte of data can be as high as $18,000, according to a recent RAND study. As a result, in an average litigation or investigation, the expenditures related to e-discovery alone constitute from 50% to 90% of a business’s total legal spend. And these figures do not capture the potentially significant cost savings of a reliable early case assessment that is delayed by needing to sift through huge troves of irrelevant and even “warm” documents.

Cybersecurity & Data Privacy Risks
As businesses maintain more data, they also increase their exposure to security breaches and the resulting costs. While only the largest and most sensational breaches make front page headlines (e.g., Ashley Madison, OPM, Sony), cyberattacks target companies of every size and industry. According to a recent survey by PWC, in 2014 there were an estimated 42.8 million attacks, or 117,339 attacks per day. Plus, the annual financial loss per organization due to cybersecurity incidents that year was $2.7 million, a 34% increase over the previous year. Globally, the Center for Strategic and International Studies estimates that the cost of cybercrime is between $375 billion and $575 billion every year—and this doesn’t even include the reputational and brand damage that results from a successful breach.

Storage Costs
Finally, increased data volumes have substantially increased storage costs. On average, it costs $3.12 million per year to store 1 million gigabytes of data. To put that price tag in perspective, 19% of companies report storing between 1 million and 499 million gigabytes of data, with an additional 37% storing between 500,000 and 1 million gigabytes. The costs not only include direct expenses, such as paying for the storage itself (whether on internal servers or through cloud-based services) and related technology infrastructure (including back-up and disaster recovery systems), but also the indirect costs of data migration and employing/training the personnel necessary to maintain and manage the information.

Data Disposition Planning
The costs and risks of storing ever-increasing volumes of data have led businesses to look for alternatives to the “save-everything” subculture. The preeminent alternative, data disposition planning, helps companies decrease their data storage significantly by identifying and disposing of data that has no operational benefit nor falls under any legal/regulatory requirements for retention. Data remediation plans are particularly effective tools because they are fully customized to meet the particular needs of the target company, taking into account its industry, operational requirements, regulatory environment, resources, and risk tolerance.

Dan Meyers is President of TransPerfect Legal Solutions’ Information Governance Division, and has over 10 years’ experience advising organizations on e-discovery and the related fields of privacy, cybersecurity, and defensible data disposition. Dan is certified as an E-Discovery Specialist (ACEDS) and an Information Privacy Professional (CIPP/US). For more information about Information Governance, contact Dan at or +1 212.689.5555.