“There’s no central law on information retention”

Interview with Vijay Mhaskar, vice-president, Information Management Group, Symantec

samirsachdeva

Samir Sachdeva | December 23, 2011


Vijay Mhaskar, vice-president, Information Management Group, Symantec
Vijay Mhaskar, vice-president, Information Management Group, Symantec

Information explosion is a reality that all organisations, including governments, have to deal with. Information is crucial to a business, for knowledge management or for regulatory compliance. In this context, Symantec commissioned the ‘2011 Information Retention and e-Discovery Survey’ to understand the critical issues in the field of information management.
Vijay Mhaskar, vice-president, Information Management Group, Symantec, spoke to Samir Sachdeva and Shubham Batra about the key findings of the survey. Edited Excerpts of the interview:

Why do enterprises have to retain information for long?
The enterprises retain or discover information for a number of reasons. The discovery could be coming from two angles. The first is for the business reason, to make information available from the operations perspective. The second is the compliance or legal aspect, where a certain legal case is filed and you need to produce some piece of information in a court of law.

Symantec carried out an Information Retention survey. What is this survey all about?
It’s a global survey that we did. We surveyed around 2,000 organisations and 1,000 plus employees. We took a cross-industry sample. The sample included government, banking, financial services and insurance (BFSI) sectors and information technology industry. In India, about 100 enterprises polled for the survey.
Here we found wide variations in information retention practices. On one hand, there are enterprises that take care of the information as part of the formal retention plan. They know what information needs to be retained, what are the policies for retention and for how long the information has to be retained. On the other hand, there are enterprises that do not have a formal retention plan. In some cases, they are using backup tapes or are asking their employees to retain information on their laptops. Surprisingly, only 20 percent of the organisations have a formal information retention plan.

When you talk about enterprises, are you also talking about government enterprises and organisations?
Government is also included but we do not have a split of government as a separate sector. We don’t have a sample size of any vertical of the countries. It’s a hundred enterprise sample. But we know that the sample covers all major verticals.

What were the other findings of the survey?
The second finding is organisations are still not prepared. They know the risks but are taking time to address these risks. They still do not have a formal retention plan. The third key finding is that companies employing best practices are doing much better. They are well prepared for recovering information for business or legal reasons. Another finding is that the digital data is increasing at an alarming rate. Take for example the UID project. The data for one applicant including all the images is stored in a data size of 10 MB. Now we have over one billion population in India. So you can yourself imagine the size of database required.

Can you give more examples of how digital data is increasing in India?
Previously the telecom operators had to store their SMSes for about a week but the home ministry has given a directive that the SMSes have to be kept for at least six months now. It runs almost in trillions of SMSes.

It appears that different kinds of information have to be retained for different periods of time.
Every information or data has a lifecycle. The data gets created, used, referred to and then it expires. That is exactly what the enterprises have to follow. Everything need not be retained and everything has a different lifecycle. If the information has finished its life, it needs to expire and it needs to be deleted. And that is why it is very important to manage the information.
The second point is about the retention regulation. I mentioned a couple of them but, by and large, there is no central law from the government to drive retention of information. We have seen in the US and in Europe, there are laws coming up which make retaining the information madatory. But in the absence of any central direct law, what happens is that each organisation has to decide its own policy for information retention.

Do we have specific guidelines or legislation regarding data retention?

Apart from the ones I mentioned, no central law is in place. And what we have heard is that the Reserve Bank of India (RBI) may come out with some guidelines for the banking sector and there is some discussion on that, but again we don’t have any data points on that as to what are the specific directions from there.
There could be guidelines but there is no regulation. The only ones that we have seen so far are the directives that have come from the home ministry.

What is the average amount of information that an organisation needs to store?
We have observed from the survey that on an average an Indian enterprise has about 121 terabytes of data. So the terabyte club is not exclusive anymore and many organisations have a large amount of data and it’s growing at the rate of 20 percent.  

What is the storage cost factor for information retention?
A third of the backup is not really required, which indicates that that information has really expired and one could have deleted it. Besides that, there have been no fine data points we have. In general, not every piece of information is required by organisations to be kept for that long. Generally, it is very expensive to keep anything for an infinite period. What we have also observed is that how often organisations are required to produce the information for legal reasons and in India you have to provide it at least four times a year.

Are you referring to the regulatory compliances for the corporate affairs ministry for filing annual reports?
It includes all the legal issues including any criminal case against a company. It is really about any legal requirement for a company to put out its accounts.

So, what is your advice to organisations?
First, organisations need to have a formal retention plan. Once that retention plan is put in place, it is required of the organisations to delete the information that has expired.
Second, organisations should back up information where restore is required within 35-60 days. Beyond 60 days, it is mostly the information retention for legal and business reasons and the right way to retain that information really is using the archival technology.
Third, one should be able to audit the information retained. So that right information gets retained for the right period of time and then you can see if your audit is complying with the original plan.
The fourth area is about legal requirements, wherein one has to ensure that the information is not deleted. The last point is about the comprehensive and holistic view. Every year there are new sources of information getting added to ensure that the information in the archives or the retention system put in place has a very comprehensive and holistic view.

[email protected]

Comments

 

Other News

"Insurance companies can`t change policy at whim"

An insurance policy cannot be changed at the whims and fancies of the insurance company, noted consumer rights advocate Jehangir Gai has said, against the backdrop of an increasing number arbitrary rejection of insurance claims due to vague policy clauses, unilateral changes to policy terms without obtaini

ATF likely to come under GST: Hardeep Puri

Aviation turbine fuel (ATF) is likely to be brought under the Goods and Services Tax (GST) in the near future, petroleum and natural gas minister Hardeep Singh Puri has said, signalling a potential change in aviation fuel taxation.   Speaking to the press in Mumbai on Friday ahead of In

Budget 2025: Meeting the expectations of youth and middle class

The new year brings with it a mix of hope and expectations, especially among the youth and middle class who have placed their trust in the Narendra Modi government. The upcoming Union Budget is being eagerly awaited by these two groups in particular, in the hope it addresses the very real concerns of a gen

This book on Gujaratis is like a sumptuous ‘thaali’…

The Gujaratis: A Portrait of a Community By Salil Tripathi Aleph Books, 744 pages, Rs 1,499 “As the l

At Davos, Maharashtra inks MoUs worth Rs 15.70 lakh crore

The Maharashtra government has signed 54 memorandums of understanding (MoUs) worth Rs. 15.70 lakh crore at the ongoing WOrld Economic Forum in Davos. The highest ever investment proposals of the state government are expected to generate 15.95 lakh jobs. The largest MoU was inked with Relianc

How Renewable Energy revolution is sweeping across India

As India accelerates its transition towards a sustainable future, its renewable energy (RE) sector has witnessed unprecedented growth. In 2024, the country made significant strides in solar and wind energy installations, policy advancements, and infrastructural improvements, setting the stage for ambitious

Visionary Talk: Amitabh Gupta, Pune Police Commissioner with Kailashnath Adhikari, MD, Governance Now



Archives

Current Issue

Opinion

Facebook Twitter Google Plus Linkedin Subscribe Newsletter

Twitter