“There’s no central law on information retention”

Interview with Vijay Mhaskar, vice-president, Information Management Group, Symantec


Samir Sachdeva | December 23, 2011


Vijay Mhaskar, vice-president, Information Management Group, Symantec

Information explosion is a reality that all organisations, including governments, have to deal with. Information is crucial to a business, for knowledge management or for regulatory compliance. In this context, Symantec commissioned the ‘2011 Information Retention and e-Discovery Survey’ to understand the critical issues in the field of information management.
Vijay Mhaskar, vice-president, Information Management Group, Symantec, spoke to Samir Sachdeva and Shubham Batra about the key findings of the survey. Edited excerpts of the interview:

Why do enterprises have to retain information for long?
The enterprises retain or discover information for a number of reasons. The discovery could be coming from two angles. The first is for the business reason, to make information available from the operations perspective. The second is the compliance or legal aspect, where a certain legal case is filed and you need to produce some piece of information in a court of law.

Symantec carried out an Information Retention survey. What is this survey all about?
It’s a global survey that we did. We surveyed around 2,000 organisations and 1,000 plus employees. We took a cross-industry sample. The sample included government, banking, financial services and insurance (BFSI) sectors and information technology industry. In India, about 100 enterprises were polled for the survey.
Here we found wide variations in information retention practices. On one hand, there are enterprises that take care of the information as part of the formal retention plan. They know what information needs to be retained, what are the policies for retention and for how long the information has to be retained. On the other hand, there are enterprises that do not have a formal retention plan. In some cases, they are using backup tapes or are asking their employees to retain information on their laptops. Surprisingly, only 20 percent of the organisations have a formal information retention plan.

When you talk about enterprises, are you also talking about government enterprises and organisations?
Government is also included but we do not have a split of government as a separate sector. We don’t have a sample size of any vertical of the countries. It’s a hundred enterprise sample. But we know that the sample covers all major verticals.

What were the other findings of the survey?
The second finding is organisations are still not prepared. They know the risks but are taking time to address these risks. They still do not have a formal retention plan. The third key finding is that companies employing best practices are doing much better. They are well prepared for recovering information for business or legal reasons. Another finding is that the digital data is increasing at an alarming rate. Take for example the UID project. The data for one applicant including all the images is stored in a data size of 10 MB. Now we have over one billion population in India. So you can yourself imagine the size of database required.

Can you give more examples of how digital data is increasing in India?
Previously the telecom operators had to store their SMSes for about a week but the home ministry has given a directive that the SMSes have to be kept for at least six months now. It runs almost in trillions of SMSes.

It appears that different kinds of information have to be retained for different periods of time.
Every information or data has a lifecycle. The data gets created, used, referred to and then it expires. That is exactly what the enterprises have to follow. Everything need not be retained and everything has a different lifecycle. If the information has finished its life, it needs to expire and it needs to be deleted. And that is why it is very important to manage the information.
The second point is about the retention regulation. I mentioned a couple of them but, by and large, there is no central law from the government to drive retention of information. We have seen in the US and in Europe, there are laws coming up which make retaining the information mandatory. But in the absence of any central direct law, what happens is that each organisation has to decide its own policy for information retention.

Do we have specific guidelines or legislation regarding data retention?

Apart from the ones I mentioned, no central law is in place. And what we have heard is that the Reserve Bank of India (RBI) may come out with some guidelines for the banking sector and there is some discussion on that, but again we don’t have any data points on that as to what are the specific directions from there.
There could be guidelines but there is no regulation. The only ones that we have seen so far are the directives that have come from the home ministry.

What is the average amount of information that an organisation needs to store?
We have observed from the survey that on an average an Indian enterprise has about 121 terabytes of data. So the terabyte club is not exclusive anymore and many organisations have a large amount of data and it’s growing at the rate of 20 percent.  

What is the storage cost factor for information retention?
A third of the backup is not really required, which indicates that that information has really expired and one could have deleted it. Besides that, there have been no fine data points we have. In general, not every piece of information is required by organisations to be kept for that long. Generally, it is very expensive to keep anything for an infinite period. What we have also observed is how often organisations are required to produce the information for legal reasons, and in India you have to provide it at least four times a year.

Are you referring to the regulatory compliances for the corporate affairs ministry for filing annual reports?
It includes all the legal issues including any criminal case against a company. It is really about any legal requirement for a company to put out its accounts.

So, what is your advice to organisations?
First, organisations need to have a formal retention plan. Once that retention plan is put in place, it is required of the organisations to delete the information that has expired.
Second, organisations should back up information where restore is required within 35-60 days. Beyond 60 days, it is mostly the information retention for legal and business reasons and the right way to retain that information really is using the archival technology.
Third, one should be able to audit the information retained. So that right information gets retained for the right period of time and then you can see if your audit is complying with the original plan.
The fourth area is about legal requirements, wherein one has to ensure that the information is not deleted. The last point is about the comprehensive and holistic view. Every year there are new sources of information getting added to ensure that the information in the archives or the retention system put in place has a very comprehensive and holistic view.

samir@governancenow.com
