It may come as no surprise that law firms routinely store huge amounts of client and administrative data in both electronic and paper format. Although lawyers are legally and ethically required to retain certain kinds of data, some data is retained unnecessarily. When you store data you aren’t required to keep or don’t need, it’s called data hoarding. The risks and consequences of hoarding data include:Legal exposure – Old data in one matter may be discoverable in another unrelated legal action, even if the firm is not a party. Reviewing volumes of data to determine what is potentially relevant for discovery can be expensive and time-consuming. More data makes the process even longer and more costly.
Security risk – Physical theft or loss of data in paper files is a security risk that pales compared to cyberattacks on electronic data. While there are limited means to physically steal paper files, cyberattacks may involve malware, phishing, hacking, and other computer activities performed anywhere in the world. Over-storing data can increase a firm’s risk of cyberattacks that can cause a data breach. This may expose the firm to financial loss and potential lawsuits by clients or others affected by the breach.
Cost – Although it’s cheaper to store electronic files than paper files, the cost doesn’t decrease as firms amass more data. The firm’s existing infrastructure must expand to accommodate additional data. This means increased expenses for storing and backing up unneeded data, upgrading server capacity, migrating data from older systems to newer ones, and recovering from disaster.
Given these risks and consequences, why do firms over-save data?Fear of spoliation – Many lawyers try to avoid spoliation of evidence by keeping every paper and electronic document in a matter, including copies of the same document.
Fear of a future need – Other lawyers worry they might need the data in the future perhaps to defend against a potential legal malpractice suit.
Uncertainty about which data to delete – Some lawyers don’t know what could and should be destroyed and are not familiar with how the laws or rules apply to data retention.
No time to clean out files for shredding or deletion – Its’s time-consuming to sort through files to determine what should be destroyed, and the task is not billable.
Path of least resistance – It’s just easier to keep everything and forget about it. It’s understandable and advisable to be cautious when handling data in your possession. However, being cautious also means taking steps to reduce risks by not saving unneeded data for longer than necessary.