Dark Data is a term coined by Gartner. It refers to data that is collected and retained by an organization, which it does not actually analyze. The data may only be retained for the purposes of regulatory compliance. Categorizing and securing the data may cost more than its actual value.
Everyone's favorite document storage company, Iron Mountain, has posted a report online on the problem of identifying and remediating dark data in law firms. The task force that prepared the report consisted of information governance professionals at WilmerHale, Troutman Sanders LLP, Morrison & Foerster LLP, and other law firms. The report was prepared in July 2015.
A survey conducted by the task force concluded that approximately 15% of law firms have a dark data policies in place, 45% are developing such policies, and 40% have no policies on dark data.
The report recommends the use of file analysis software to archive valuable data and destroy data with no value. This software can be useful in identifying and remediating personally identifiable information (PII) and protected health information (PHI). Where is the dark data located? "Dark data lives in dormant servers, legacy applications, unclassified email messages, departed attorney mailboxes and network share drives", as well as repositories maintained by third party vendors.
Most firms assign responsibility for dark data to Records, but it may fall under the purview of IT, or other administrative departments. Most dark data is data from closed matters. Even firms that don't have a document retention policy can safely delete dark data, but they must document the steps they take in doing so.
While more than 30% of firms evaluate their dark data annually, 10% only do so as part of a system upgrade, 10% when decommissioning a server, and 20-25% never or are unsure of when dark data is reviewed.
When dealing with legacy data, several steps should be considered:
1. Review matters for legal holds.
2. Notification of matter data destruction to responsible attorney.
3. Notification of matter data destruction to client.
4. Review engagement letter and outside counsel guidelines.
5. Check local rules of professional responsibility.
6. Destroy boxes based on lack of information and inactivity.
7. Contact General Counsel to confirm decision to proceed.
Several different procedures are used to eliminate dark data growth.
1. Management of data by records or IT.
2. Data locations are assigned by administrative record owners.
3. Data locations have structured classifications.
4. Data locations are regularly monitored.
5. Data locations are periodically purged of old information.
6. Size limitations on file shares.
7. Enumeration of shared drive into document management system.
Appendices to the report provide a sample checklist for the collection of dark data; a data map; and a sample data flow diagram.