No one seems to be thinking about the project AFTER data discovery

One of the things that I've noticed recently, is the obsession with data discovery.

All the regulators that people take seriously have been saber rattling about things that require people to know what they have, and be controlling it effectively.

So everyone is panicking - and embarking on discovery projects.

Then what?

It's the question that few seem to be asking.

And it's the one that every records team should be asking their data team.

Because the "then what" is a fairly complicated process.

It involves looking at what's been found and working out what the obligations are to keep it, and what the legal obligations are to dispose of it, or what the risk is - and then making a decision about what to do with it - destroy, migrate, secure etc.

What i keep finding though, is that people on the data side of the fence are using terms like "cold data" - or other terms that basically equate to the data not having been used for a while - and so being something that can just be destroyed.

If only there was a group of people who had a set of practices that helped organisations make the trade-off between regulatory obligations.

(hint - there is, it's records, that's what sentencing is for).

So all of us in records should be having a conversation with our data teams.

It shouldn't in any way be an antagonistic conversation.

I think what most data teams need is a gentle reminder that there's a set of legislative obligations that require data to be retained, that there's probably an organisational definition of record that does in fact cover data (find me some data that wasn't recorded and I will eat my shoes), and that the project that's supposed to discover, quantify and reduce legal exposure will be the project that discovers, quantifies and increases legal exposure if they don't think carefully before they destroy things.