Symantec's 2012 Information Retention and eDiscovery Survey

Symantec's 2012 Information Retention and eDiscovery Survey Reveals
Improvement in Planning but More Failures in Policy Implementation 
Substantial Gap Remains Between Beliefs and Practices in Retention
MOUNTAIN VIEW, CA -- (Marketwire) -- 01/10/13 --  Symantec Corp.
(NASDAQ: SYMC) today announced the findings of its 2012 Information
Retention and eDiscovery Survey which examined how enterprises manage
their ever-growing volumes of electronically stored information (ESI)
and prepare for the eventuality of an eDiscovery request. The study
found the percentage of organizations without a formal information
retention plan dropped by half from the 2011 survey. However, even
with this improvement, organizations struggle with implementing their
information retention plans as only a third of organizations report
their plan is fully operational.  
Read Blog Post: If You Fail to Implement Your Information Retention
Plan, Then You Plan to Fail 
 Click to Tweet: Symantec survey reveals
improvement in information retention planning but more failures in
policy implementation 
Non-implemented plans risky to organizations
 Nearly two-thirds (60
percent) of organizations say they have a formal retention plan, yet
only 34 percent report those plans are fully operational. The
perceived cost of implementing their plans is reported to be the most
common reason why organizations are lagging in plan implementation.
The survey found that only 7 percent of organizations don't have any
plans in place, a 50 percent drop from 14 percent of organizations
reported in the 2011 survey. 
Even more concerning is that while they received on average 17
requests for electronically stored information, these requests failed
31 percent of the time. This is significantly higher than the 20
percent of failures reported in 2011. Each time a failure occurs, the
organization is at risk. Forty-three percent reported the inability
to make decisions in a timely fashion as the biggest consequence of
these failures. Other consequences reported include damage to
reputation, compromised legal position, fines, raised profile as a
litigation target and court sanctions. 
"The survey highlights that, although there is a reduction in the
number of organizations without an inform
ation retention plan,
organizations haven't fully funded and implemented their plans," said
Trevor Daughney, Director, Information Intelligence Group, Symantec.
"With the number of ESI requests and failures to obtain requested
information increasing, organizations face risks that are much more
costly in the long run than implementing their plans." 
No improvement in gap between retention beliefs & practices
 There is
still a substantial gap between beliefs and practices in retention
policies, which has not significantly changed year over year.
Eighty-one percent of respondents believe that a proper information
retention plan allows organizations to delete information on an
ongoing basis. However, 42 percent of backups are indefinitely
retained by organizations. This is virtually unchanged from the 2011
results. And, information that is deleted by organizations is often
deleted without considering established retention policies.  
The most reported negative consequences resulting from preserving
more electronically stored information than necessary include:
Increased costs associated with collection, analysis and review (54
percent); increased time spent to collect, analyze and review ESI (47
percent); increased risk that sensitive information may be disclosed
(44 percent); compromised position in potential or actual litigation
(27 percent); and information unintentionally made available for
potential future litigation (28 percent).  
The survey also reports that organizations are keeping information
longer than is needed, and keeping the data within backups rather
than archives for legal holds, which reduces efficiencies when
performing an ESI request. The survey reveals that 38 percent of data
that organizations back up is not needed or shouldn't be kept in
backup. In fact, respondents say that a third of backup data (34
percent) shouldn't be kept and is unnecessary due to litigation risk. 
More than half of organizations keep that data indefinitely: 56
percent of organizations reported that their backup storage is used
for infinite retention that is dedicated to legal hold. This has
grown from 43 percent in 2011 and continues to get worse. Further, 85
percent of organizations routinely perform legal holds in their
backups, which are not designed to be accessed in the same way as an
Majority of organizations impacted by data privacy laws &
 As expected, data pri
vacy laws and regulations have
significant impact on organizations with 53 percent reporting that
laws and/or regulations impact archiving and eDiscovery initiatives.
However, there are many reasons respondents report collecting
electronically stored information including: Litigation (60 percent);
internal investigations (59 percent); internal compliance initiatives
(58 percent); compliance with international regulations and laws (57
percent); compliance with local regulations and laws (55 percent);
governmental inquiries or investigations (52 percent); and public
information requests (46 percent).  
 Following are
recommendations that organizations can implement to help them more
effectively implement their information retention plan: 

--  Adopt a defensible deletion mindset: When organizations can adopt a
    defensible deletion mindset they can delete information with
    confidence according to their information retention policies.
--  Err on the side of fewer, rather than many, retention policies: This
    improves the odds of successful information governance. Start with
    deleting obvious unnecessary files, then set minimum retention periods
    for compliance. Additional policies can be added later, if necessary.
--  Automate privacy, retention and compliance policies to reduce risk:
    Allowing your policies to automatically work as they are designed not
    only reduces the risk of inconsistencies in policy implementation, but
    reduces the risk of unintentional access or distribution of
--  Implement a solution in which legal holds can override expiry
    policies: Consider a unified eDiscovery solution where legal holds can
    be easily implemented to override expiry policies to avoid spoliation
    and sanctions.
--  Don't use backups for long term retention: Backups are for recovery,
    archiving is for discovery. Deploy an archiving solution to quickly
    and easily respond to search requests for electronically stored


--  Report: Symantec 2012 Information Retention Survey
--  SlideShare Presentation: Symantec 2012 Information Retention Survey
--  Blog Post: You Fail to Implement Your Information Retention Plan, Then
    You Plan to Fail
--  2011 Information Retention Survey Materials

Connect with Symantec 

--  eDiscovery 2.0 Blog
--  Follow Enterprise Vault on Twitter
--  Follow Clearwell on Twitter
--  Follow Symantec on Twitter
--  Join Symantec on Facebook
--  View Symantec's SlideShare Channel
--  Subscribe to Symantec News RSS Feed
--  Visit Symantec Connect Business Community

About Symantec
 Symantec protects the world's information, and is a
global leader in security, backup and availability solutions. Our
innovative products and services protect people and information in
any environment -- from the smallest mobile device, to the enterprise
data center, to cloud-based systems. Our world-renowned expertise in
protecting data, identities and interactions gives our customers
confidence in a connected world. More information is available at or by connecting with Symantec at: 
NOTE TO EDITORS: If you would like additional information on Symantec
Corporation and its products, please visit the Symantec News Room at All prices noted are in U.S. dollars
and are valid only in the United States.  
Symantec and the Symantec Logo are trademarks or registered
trademarks of Symantec Corporation or its affiliates in the U.S. and
other countries. Other names may be trademarks of their respective
FORWARD-LOOKING STATEMENTS: Any forward-looking indication of plans
for products is preliminary and all future release dates are
tentative and are subject to change. Any future release of the
product or planned modifications to product capability,
functionality, or feature are subject to ongoing evaluation by
Symantec, and may or may not be implemented and should not be
considered firm commitments by Symantec and should not be relied upon
in making purchasing decisions. 
Jerry Gowen
Symantec Corporation
+1 503-690-4714 
Chris Walker
Connect Marketing 
+1 801-373-7888 
Press spacebar to pause and continue. Press esc to stop.