Disposal (part 6)
This is the sixth in a series of blogs sharing lessons learned from a collaboration between DataShift and the SPEAK! campaign and the resulting conversations about data management practices among diverse organisations working to overcome social divisions around the world. The series aims to show that sound data management is built on common sense and available to everyone, no matter their level of technical expertise; to get readers thinking and talking about data; and to encourage conscious decisions about its creation, use, protection and disposal. Click here to read the earlier blog posts.
During SPEAK! 2018, campaign partners organised dialogue events to overcome division around the world. We used a loose script of questions designed to get them talking about how they work with data, and to help us design support that would meet their needs. The following questions from the script deal with the final stage of the data lifecycle – responsible disposal of old data.
The last stage of the data lifecycle is the most likely to be forgotten or given insufficient attention. It is common for organisations to become less vigilant in protecting data that is no longer in daily use, or for old data to be lost through poor maintenance or simply being forgotten about, yet it can still be harmful and still needs to be protected. We found that very few partner organisations had considered how to deal with old data.
WHAT HAPPENS TO YOUR DATA ONCE IT’S NO LONGER IN DAILY USE?
Is there a plan for data archiving or deletion? In our experience, this question is often met with silence. Deletion and archiving both demand resources: staff time, software or server costs, physical storage space, archive maintenance, and so on. Factoring these tasks and resources into written project plans from the start means that data disposal will be ‘officially’ on the agenda and more likely to occur and can be included in budgets submitted to donors.
DO YOU NEED TO KEEP THE DATA? FOR HOW LONG?
Think carefully about whether the data will be needed in future. Will it help improve future project design? Could it have historical value? Are there any legal or contractual obligations to retain it? Do you need to keep all of it, or just key parts? Indefinitely, or for a certain period? What resources (human, technical, financial) are needed? An archive can be paper or digital, technically simple or complex, according to the needs of the organisation. But in all cases, archives must be maintained, and resources assigned to this maintenance, even if just to check that everything is in order at regular intervals.
Check out these options from The Engine Room if you need assistance with archiving.
HOW DO YOU DELETE DATA THAT’S NO LONGER NEEDED?
Data that has become obsolete should be deleted securely. You may also find yourself under a moral or legal obligation to delete data if the data subject asks you to do so. As seen in earlier blogs, data is often spread through multiple locations and in various formats, so knowing where things are is crucial when it comes to deletion. Pressing delete does not always fully delete data, as back-ups can be stored automatically. For some modern hard-drives, it is very difficult to fully delete data, and it may be better to encrypt it so that it is not usable rather than deleting it as such. Paper files and old or broken hardware containing data must also be securely disposed of.
Check out these technical tips from the Electronic Frontier Foundation for how to securely delete data from different hardware and operating systems.
These blogs are based on the publication How to talk about data? Learnings on responsible data for social change from the SPEAK! campaign, and this work was made possible through a Digital Impact Grant by the Stanford Center on Philanthropy and Civil Society.