More than half of organizations surveyed experienced a data–related incident in the past year, according to new research from AIIM (the Association for Information and Image Management).

Of the 16 percent who reported a data breach, half attributed the breach to hacking and half cited staff negligence. Disturbingly, about a third of those negligent acts were willful, according to Doug Miles, director of market intelligence at AIIM.

The AIIM Industry Watch on Information Governance also shows 41 percent of respondents admit their email management is “chaotic,” and 22 percent report negative financial impacts from electronic records incidents. Nearly half — 45 percent — of respondents believe a lack of information governance makes them at risk for litigation and data loss.

Enterprise Threats

The research was underwritten by Adlib, AvePoint, IBM Enterprise Content Management, Hewlett Packard Enterprise, Iron Mountain and OpenText. It was carried out using a web-based tool by 398 individual members of the AIIM community between Sept. 4 and Sept. 30. Miles said three findings stand out.


Despite developments in other areas of information management and governance, nearly half of those surveyed admit their email is chaotic and badly managed. Lack of policy has been compounded by the archiving arrangements of popular email clients — Outlook, in particular, with its PST files created on a local drive as the default setting.

It also points that that email use on mobile devices is exacerbating problems. Mobile devices provide inconsistent and often incomplete record of where emails were sent and what documents were sent with them.

Mail servers have been equally inconsistent, the report adds, with a lack of coordination between SharePoint developments and Exchange developments

“Think about it. Just about any court case that you walk into today has email as evidence. Workers have such different ways — or no ways — of archiving them so they can be searched and that retention can be applied,” Miles said.

Other noteworthy figures around email management:

  • Only 16 percent have fixed-period “delete everything” policies
  • 19 percent have open-ended “keep everything” policies
  • 23 percent have dedicated email archive systems
  • 8 percent use value-based judgments to identify which email to retain or delete

Retention Management

The report describes data retention and storage reduction strategies as key elements of information governance. It notes, however, that only a small portion of the content storied is suitably tagged and typed so that it has a defined retention period.

The rest of the content is termed ROT –  redundant, obsolete or trivial. ROT storage is a weight on the business and provides no returns. Miles estimates that that ROT makes up between 30 percent and 80 percent of information stored across the enterprise, or an average of 51 percent across the entire sample survey.

“When I asked which content systems have effective content retention period management, only 11 percent of file share systems had something in place, which is hardly surprising. However, only 28 percent of SharePoint systems did," he said. “For cloud file share the figure is only 18 percent. Incredibly only 67 of record management systems have effective retention management.”

Legal Holds

A legal hold is a process that an organization uses to preserve relevant information in light of probable litigation. The usefulness of a dedicated tool depends on the frequency with which legal discovery calls and hold orders are made, which relates to the size of the organization.

About 31 percent of the largest organizations and 26 percent of mid-sized are managing multiple holds. But many smaller organizations don’t see legal holds as issues of concern.

“Even small companies can get whacked,” Miles said. “Maybe there is something they are not doing it correctly: the retail supply chain is not set up properly and suddenly there’s a whole bunch of investigators brought in. At this point, having a legal hold on your content system, particularly email systems, become pretty important.”

A legal hold mechanism needs to be agreed and implemented in accordance with the information governance policies, the report adds.

This is not just a question of technology, although it does tend to be one of the core records management functions that is missing in simpler document management systems systems – and early versions of SharePoint. Only 50 percent of email servers and archives have hold functionality.

The report points out that there are a number of positives across the space. For example, more companies are prepared to store records in the cloud in the wake of tighter vendor security options.

Miles said records management has moved strategically to the information governance umbrella from the isolated place it had held in many enterprises.

You can download the full report here (registration required).

Title image by Simon Wijers