Journals of the Information Entrepreneur - Jacqueline stockwell
Welcome to "The Journals of the Information Entrepreneur"! Hosted by Jacqueline Stockwell, CEO and Founder of Leadership Through Data, this podcast is dedicated to empowering and inspiring information leaders across the globe. Jacqueline shares her expertise in revolutionizing information management training and delivering it in a way that captures the audience's attention and ensures their time is well spent. In each episode, Jacqueline engages with industry experts and thought leaders to discuss the latest trends, challenges, and best practices in information management.
Journals of the Information Entrepreneur - Jacqueline stockwell
043 The Defensible Destruction Strategy with Sarah Eddy
Use Left/Right to seek, Home/End to jump to start or end. Hold shift to jump forward or backward.
In this episode, Jacqueline Stockwell and guest Sarah discuss how to handle data in the modern world. For years, companies have saved everything "just in case," but that habit is becoming dangerous and expensive.
We talk about:
Why "hoarding" data puts your customers at risk.
How data storage impacts the environment.
Why you need to delete old files to stay safe from future technology threats.
How to start a "clean-up" plan for your business.
Key takeaway: You can't manage what you don't know you have. It’s time to find your data and organize it.
Connect with Sarah Sarah Eddy CERIM ARIM | LinkedInConnect with Jacqueline
Hello and welcome to today's show. I'm Jacqueline Stockwell, CEO and founder at Leadership Through Data. I inspire and motivate information leaders across the world. Today, joining us is Sarah Eddy. Sarah is an information governance specialist who describes herself as IT forward, which means she's an expert at cutting through the noise so people can understand their jobs, why their jobs are hindering them. With 20 years of experience in both the public and private sector, she specialises in building frameworks that support better decisions and deeper trust without becoming a burden. So she's here to talk to me about making information work for you rather than the other way around. So welcome, Sarah. I'm thrilled to have this session done today. So I want to first start talking about the eight-year itch. So, Sarah, you've spent nearly a decade in the weeds of data description, unstructured data. I love the weeds. I'm a kind gardener. Um what was the aha moment when you realized that traditional disposal methods just weren't cutting it anymore?
SPEAKER_00It's a good question, actually. And honestly, none of this is new. We've been drowning in data for years. And I've been in basements, moving, you know, 200 tons of physical mountains in my career, and the digital version feels very similar. So the volume is overwhelming, but the problem itself isn't that surprising. And I guess to clarify, disposal itself is the umbrella term for destruction, and it encompasses things like migrations, transfers to permanent storage, transfer to your archives body or local museum, for example. But in this context, we're talking about destruction in the true sense, actually destroying information you no longer need. So I guess it was never a real a-ha moment because it's something that I have done interspersed throughout my whole career. But the traditional disposal methods are starting to fail. Destruction itself still works, but the governance around that is where I think we're struggling and what hasn't kept up with everything.
SPEAKER_01No, and and it's interesting, isn't it? That that shift from paper to digital now. It's all this, we've got so much. Well, actually, we had a woman of oceans and we couldn't see it.
SPEAKER_00Yeah, yeah, we've just elevated that to a to a level where we can assess our risk now. Yeah. We didn't, you know, we just didn't upgrade our culture or destruction.
SPEAKER_01No. Uh or it's like, oh, I need another storage box. Well, actually, I need to buy some more storage in the cloud now, isn't it? So it's kind of really interesting. I love the way you kind of mix that. So we um so you talked about disposal. So let's just talk about discovery. So, how does data discovery lens change the way we look at a serve full of old PDFs compared to a standard retention schedule?
SPEAKER_00Yeah, when we talk about data discovery, you can put a few different lenses around it, but at its core, it's about understanding what you're actually holding. And if you're lucky enough to have one of the tools that are around or some extra time, it's about elevating the content of those old PDFs. So making them something meaningful, something that you can assess and not just store. So traditionally, we might have classified documents at the folder level. We might have said this is a folder of all of you know these finance items that sit under this retention schedule and needs to be kept for this number of years because the policy says so. But what we haven't done is look at the content itself as a source of risk. So we're starting to do that now, now that we can. And so when someone says it's just a server of old PDFs, who really cares? Well, it might not be that simple. It might be that those PDFs could be full of IT access forms, for example. And those forms include maiden names, dates of birth, full names, addresses, all the same sort of information that people use as security questions or password resets, and you know, the identity verification. So if that gets breached, it's not just a bunch of PDFs to the people who've taken that data. Um and so what that data discovery lens gives you, I guess, is the visibility. It shows you what's risky, what's harmless, what you can destroy, and what you might have been keeping that, you know, isn't necessary anymore. I love that. I love that.
SPEAKER_01So let's look at the core benefits. So there's three core benefits, right? Uh so you've got the human element. So you said people are better protected when we stop consuming their data unnecessarily. Can you expand on the ethics of data consumption? Is there hoarding actually a form of risk escalation?
SPEAKER_00Yes. Yeah, yeah, it absolutely is. So when we talk about the ethics of data consumption, I'm not coming at this as a privacy lawyer, I'm coming at as someone who I've spent years dealing with destruction and cleanup and the real world kind of consequences of holding too much information. And I guess the reality is that the value of people's personal information is skyrocketed and organizations, both ethical and unethical, are collecting it and profiling it and using it in ways that make um individuals more vulnerable to identity theft, if you like, and all of the stress and the financial fallout that comes with that. So I think for me, the ethical question is pretty simple. Why are we still consuming and storing the information that we don't need? You know, every extra piece of personal data we hold, a passport number, a bank account, a date of birth, all of that can contribute to a profile being built around someone's life and puts them in harm's way for, you know, real no, really no sort of operational benefit. Part of that. Yeah, sorry, Jackie, that is historical though. You know, we've captured information in the past that isn't essential anymore and we're still holding on to it. That's where your discovery comes into, well, we collected this in 1995, we shouldn't still be holding that.
SPEAKER_01Yeah, and it's interesting. A previous podcast that I did with Peter Locker Locker, he obviously said about the pizza menu, didn't he? That that was kind of collected and kind of get rid of that. And um, I think it's really uh good from a records management perspective that we've got just destruction, but also from privacy law we do have in the UK and in and Europe around actually don't hold information longer than necessary. What kind of things do you have in Australia?
SPEAKER_00In Australia, I know Western Australia have been doing some great work around privacy and responsible sharing of information. The very first thing that they're encouraged to do if they haven't already is to develop that information asset register. That's really the first step in any discovery process as well, if you like, so that you can document what you hold, where it lives, and what type of content sits inside it. But also you're already halfway to protecting people because you know what you're holding about people. So that is it is starting to pick up in Australia too.
SPEAKER_01Amazing. So one of the big things I really like, and I think it's a real push from information management, records management perspective, it's like the green aspect of us holding too much information. So most people don't think about um when they don't delete that they could be saving the planet, so to speak. So, like if we delete something, we save the planet because we reduce um the amount of consumption and the amount of energy that it does to hold that. What is the tangible link between defensible destruction and a company's environmental, social, and governance goals?
SPEAKER_00That's it. You already alluded to it there, in that um, you know, most people don't connect deleting an old spreadsheet with saving the planet, do they? And and it's understandable, the link isn't obvious, but it's real and it's measurable. Every file we keep, even something as small as a spreadsheet, sits on physical infrastructure somewhere, and that physical infrastructure is a data center running more or less more often than not 24-7. It's drawing power, it's generating heat, and it's requiring massive cooling systems to stay operational, which is consuming huge amounts of water. So in 2022, and I'm I'm using that data as an example because this was prior to Chat GPT and the generative AI boom, the International Energy Agency um reported that data centers consume roughly 2% of global electricity use. And that was recently upgraded to 3% and now rivals the airline industry for global emissions. So that environmental footprint that we're all contributing to when we hoard information is really important to consider. Yeah, I totally agree.
SPEAKER_01But I still don't think people understand because they can't see the servers, right? They can't they can't physically see it. So you talked about it right at the start about the boxes, and you know, you put it outside out of mind, but it's kind of the same thing. You turn up to work, flat screen, laptop, really small, save it, and there's none of that sort of like visual aspect to it, is there? It's it's not like these are the images of the servers, this is the impact. You you know, is there a way exactly? Yeah.
SPEAKER_00It's so it's difficult for us to put a lens on that for people as well. And even, you know, I've had these discussions with my parents around destroying photos they don't need on their phone, because it's making everything less efficient and it's costing the environment to store that information just because you can't be bothered deleting it. The same works for enterprise as well, but on a much grander scale.
SPEAKER_01Much I love that you talk to your parents. I think I did a a podcast before about how you explain it to your parents. So, like, well, I watched that one, I loved it. Yeah, what we do, and I just think it's just like, yeah, so I love that. Um, yeah, so we there's a massive thing around AI. Obviously, we're all talking about AI, and we've all heard the saying garbage in, garbage out, uh, for AI. One of the big things that I'm really frustrated about is everyone's looking at the technology, they're not looking around the things underneath that you know that AI pulls the information from. And that's kind of like one of my big things, but I'm not gonna get on my soapbox right now.
SPEAKER_00So in that soapbox for you.
SPEAKER_01So, in your experience, how much noise is currently sitting in corporate stores? And how does removing actually make an AI agent smart?
SPEAKER_00You asked the good questions. But when we talk about AI, everyone loves the phrase garbage in, garbage out, but most people don't realize just how much garbage is actually sitting inside your corporate environments. So it varies by organization, but I can honestly say, in my experience, I've never undertaken a di a data discovery project where anything less than 30% of the information wasn't rot. So rot is R O T, redundant, obsolete, and trivial. It's been a buzzword more recently, but I've lived and breathed it for 10 years. Redundant is your duplicate information, obsolete is information you no longer need or is no longer relevant, and trivial information is around, you know, install files or links. So anything that might be trivial that isn't actually a record as such. And that's not actually a theoretical number. That's my experience, but you know, it's repeatedly and um read repeat, but it's also benchmarked by Gartner and the International Data Corporation. This is not a figure that we've just plucked out of thin air. So it shows up as your duplicates, it shows up as your outdated versions and all the noise that bloats a system and gets in the way of the signal. And I guess a way to explain it with AI is that AI doesn't know what's noise. It treats everything as fuel. And if 30% of your environment is rot, then 30% of what your AI is learning from, if you're looking at that information or that data, is potentially irrelevant, outdated, duplicated, or you know, outright misleading, which can increase your hallucinations, your irrelevant answers. It might be looking at a policy from 10 years ago and you do that differently now. There are so many risks around AI and using the data that you have if it's not clean, that I could go on for days, like you say, I could be on this soapbox for the next two hours.
SPEAKER_01I'm gonna get on it even more now. I'm just like I'm fed up with it. I'm like.
SPEAKER_00Yeah, but it's it's really we're done. It's contributing to really poor outputs. And that's again, not another thing that's new. The information we have in our organization informs our decisions, right? So if we're now giving that responsibility to artificial intelligence, we need to make sure that we've been responsible in what we're feeding it.
SPEAKER_01Yeah, but if you even look at like the big companies, the news, like they're all talking about AI, but they don't actually talk about the layer underneath it. And it's so frustrating because it doesn't function correctly with our information leaders and the the important role that we actually do because it's just like okay, well, don't talk about the technology, talk about the information. We're all saying information is gold, protect it, secure it. Well, actually, you know, start talking about information, don't start talking about the technology that um is on it. But again, can we get my soapbox? So this is not my podcast, I'm only viewing you. That's it. So uh so um you added a really uh fascinating plus one to your list. So quantum control. So for the non-scientific people, uh, why is our current data mountain a sit and duck for the quantum computering era? And how does destruction act as a shield?
SPEAKER_00Yeah, this is a plus one because we don't really know what's going to happen in this space. We have an idea, so quantum is the curveball in this whole conversation, because we don't exactly know what it will hit, but we do know what it will break. You know, every major security body on the planet, from the National Cyber Security Centre in the UK, Australian Signals Directed in Australia, the USA and IST have already confirmed that the encryption we rely on today will be easily breakable by large-scale quantum computers. And that means anything we're storing now is effectively a sitting duck. And I guess this is where the data mountain becomes a liability, you know, if you're holding on to decades of information, whether it's rot, whether it's actual information that was relevant at the time you recorded it, sensitive personal identifiers, all of that becomes a future breach in waiting, if you think about it. Attackers don't need quantum today, they just need to steal the data now and hold it until quantum arrives. And that's already a known threat pattern. Harvest now and decrypt later. So defensible destruction then becomes a bit of a shield against that because you're not stopping quantum, you're not, you know, you're not creating better encryption, you're reducing the amount of material that becomes vulnerable in that sort of quantum level decryption when it's possible. Amazing.
SPEAKER_01Amazing. So let's talk about defense uh versus reckless. So, what is the defensible part of the equation? Um, and how do you convince a nervous, legal, or risk department um that hitting delete is actually safer than hitting save?
SPEAKER_00It's a funny, almost new challenge that we're facing, but not really for information managers. This is something that we've we've tried to deal with for years. Defensible destruction is not about pressing delete. So anyone can press delete. Anyone with the permissions to destroy a file can destroy a file. Anyone can drop a piece of paper into the disposal bin. The actual destruction isn't the tough bit. It's the governance, not the button pushing. So the real challenge is the hard part is building the pathways that get you to the point where destruction is authorized, expected, trusted, part of your organizational culture. Most organizations and people that I've spoken to in the industry don't have those pathways in place. And in fact, you know, the multitudes of environments I've seen, destruction only happens when there's sort of an impetus or an external trigger, like uh servers being decommissioned or a system's being replaced or a building's being destroyed. And the culture around regular and considered construction uh destruction, not construction, it doesn't exist. That's it's more of a governance piece than anything. And so you know it it it begins long before anything's actually destroyed. You need to know what you have, and that's that discovery piece, where it lives, how old it is, what rules to apply to it, and um you need your metadata and your audit trails and your consignment lists. That's what Liga and Risk care about is the ability to prove that you didn't, you know, just behave recklessly. And I think um there is there is one approach that we're taking that I don't think is doing us any favours, and and that is around the biggest mistake we make is walking into a business area with a list of 30,000 files and saying, can we delete these? Like we think they should go. No CFO or general counsel is going to take the responsibility of reviewing 30,000 files and going, Yeah, good, go for it. So what we need to do is actually shift that to not so much asking permission, but coming at it from the perspective of our expertise and saying, not three months from the end of the project can we destroy this, but three months before the project starts, this is what we're doing, this is how we're going to do it, and this is what we expect from you. We will tell you what's ready to be destroyed under this policy, these retention schedules, whatever it might be, so that all you need to worry about is telling me what you actually need to keep.
SPEAKER_01Agreed. And there's that proactive rather than the reactive element of it. And I think Yeah, and I think there's a layer on top of that, it's about the information leaders having the confidence and the skills to be able to present that to the board and say, these are the things that we've found to destroy. And it's how you can actually get them the emotional connection to them to understand the importance of it being destroyed. Um, and I think that's kind of where the essential skills, people call them soft skills, essential skills, um, come into play there for our industry. And it's very much, as you said right at the start, it's a new thing. Uh, one of the key things that I'm passionate about is just to making sure that we all kind of step up, we build our own brand, we build our confidence, we build, you know, storytelling because carrot and stick doesn't work anymore. Yeah. And you know, those types of things to actually really connect, to actually say, this is why. So I think it's definitely the governance, but it's also the people, the information leaders on top of that that will be able to get that passed.
SPEAKER_00Yes, absolutely. And just prove that you've acted responsibly, that you know exactly what you're doing. We do know this. Information managers have done this, and we are the profession to tell you what to keep, what to destroy, what to put on hold. That is our job.
SPEAKER_01So, it's not the thing in the world, I think. Um that too. So, yeah. Um, so for a CIO or a data officer listening who is overwhelmed by their unstructured data, what is the most important, uh, most impactful place for them to start this work that you've been talking about?
SPEAKER_00Uh, we've already kind of touched on it. So the most impactful place to start, an important place to start, is through gaining clarity over what you hold. So start building an information asset register, even a rough one. You know, you can't govern what you can't see. And to be fair, most organizations don't have a single view of what they hold, where it lives, why it even exists. So, yeah, they don't need to be perfect or detailed on day one. Just start. Start at the macro level, list your major repositories, your shared drives, your collaboration platforms, anywhere that you might be holding information and data, legacy systems, structured databases, you know, the list goes on. But just document it, understand what you hold, and get a real picture of the contents as much as possible. It's not, you know, it's it's it's hard to start, but once you get into the flow of it, you know, you can do this on paper, you can do this on Excel. The registers that the West Australian government has published excellent guidance on this in Australia around how to develop your information asset register. And globally there is advice everywhere on how to start. So just start. Start big, start small, start wherever you can.
SPEAKER_01Amazing. And even when you describe that, that can be quite overwhelming for people to even just start because they don't know where to start. So the one thing, so one thing, Sarah, that they can do to actually start that, what should they do?
SPEAKER_00Talk to their information management professionals. They know where it's at. Simple as that.
SPEAKER_01Okay, so then they start uh the information managers, so to speak, start going out to like particular areas, have conversations, you know, you could touch on that a little bit more.
SPEAKER_00But you don't even necessarily need to start there. Talk to your IT team. Where are we holding information? Do we have uh an architecture and asset register? You know, where are we, where is our information coming into the organization? Where are we sending it out? Where are we able to share? Where did we put our HR records in 2004? Because we clearly haven't cleaned that up. You know, it's it's so different with every organization, but you just need to start looking and documenting, and you'll find your own path to discovery and destruction.
SPEAKER_01Yeah, amazing. And one of the things that we we have in the UK is data flow mapping. So, as you said, see where the information's coming in. And I love those because you can do them as pictorial diagrams. Sarah, it's been absolutely sensational to have you on the show today. How can listeners reach out to you?
SPEAKER_00You are more than welcome to contact me on LinkedIn. My profile is open for any IMs, but be kind. And thank you, Jackie. Thank you for getting the message out there and continuing to get our messages out there as information professionals. You're amazing. Amazing. Thank you so much.
SPEAKER_01Thank you. Thank you for listening to the journals of the information entrepreneur. With me, Jacqueline Stockwell. I hope you found this episode inspiring and helpful and have some takeaway tips that can be useful to you. If you liked this episode, please like, review, and share it with your friends. Your support helps us reach more information leaders to stay inspired and listen to great content. Want to test out your strengths and weaknesses and measure it against our empowered framework? Please complete the scorecard. It's a great way to improve and evaluate your skills. You can find the scorecard at the end of the description of this podcast. Stay tuned for a new podcast every Thursday and remember to be bold, be brave, and be beautiful.