Wall Street and Technology notes the problems that can arise for financial institutions attempting to fulfill federal privacy requirements concerning the data they possess:
Financial services firms already are struggling to manage their vast and ever-growing data stores in a way that satisfies existing privacy and regulatory requirements, but in the wake of the Dodd-Frank Act, this task will get exponentially more complex. […] In the end, successfully adhering to the letter and spirit of the Dodd-Frank Act requires financial services firms to do a far better job of knowing what information they have and where it is. The only way to do this is to develop a practical strategy for disposing of the mountains of information that have no legal obligation, regulatory requirement or business value. […]
Disposing of information is dangerous if a firm does not implement solid information governance policies and procedures. In fact, by implementing a robust program, firms can dramatically increase transparency and simplify the regulatory compliance process. […]
A belief that storing data is cheap and protects companies from compliance violations has fueled a “save everything” mentality. But storing data isn’t cheap. According to a 2010 Gartner report, IT shops already spend between 2 percent and 3 percent of revenues on data management, which can add up to millions or even hundreds of millions of dollars each year. Corporate data volume grew by about 50 percent in 2009, and research firm IDC predicts that data will grow by a factor of 44 in the next 10 years. Many firms have found that more than half of all the data currently being stored, archived, secured or otherwise managed has no legal, compliance or business value. […]
Studies by the Compliance, Governance and Oversight Council (CGOC) confirm the burden that this mountain of information places on organizations. Established in 2004, the CGOC is a community of information governance experts providing corporate litigation, discovery, IT and records management leaders and practitioners with the insight, interaction and information they need to develop a best practices approach to information governance. According to the CGOC, a key obstacle to disposing of unnecessary information — creating a “defensible disposal” strategy — is that most companies aren’t able to give IT practical methods to determine what can be safely eliminated.