For years I had a recurring nightmare about data deletion.
It’s always some variation of the same anxiety dream. In one version, I’m clicking through file after file, opening each one to confirm it’s safe to delete. In another, I’m scrolling an endless spreadsheet, looking for the row where I made the mistake. Once, I was inside the server itself, physically flipping through folders. The details changed. The dread didn’t.
The root of the fear is straightforward: deleting something you shouldn’t. In my mind, nothing signals incompetence quite like that. The irony is that defensible deletion is one of the most measurable ways IG adds value to a firm. In the paper world, the ROI on destruction was slow. Vendor fees for box retrieval, review, and incineration were significant, and the cost benefit often took years to materialize. Digital deletion costs nothing and produces results immediately: lower storage overhead, reduced eDiscovery scope, a smaller attack surface for cybersecurity incidents, and cleaner data for AI applications. The case for doing it is overwhelming. So why does deletion still feel like the kind of thing that follows you into your sleep?
The answer has less to do with the data than with how we learned to think about it.
Records management before electronically stored information (ESI) was built around a simple premise: creating a document required intentional effort, so almost everything that existed was worth treating as a record. Someone took the time to curate what went into the box, remove the duplicates and transitory content, and label it with the pertinent metadata. In the analog world when you destroyed a box, you knew what was in it.
IG’s scope now includes everything that goes into producing a record, not just the records themselves. Working digitally changed the nature of what information is managed as much as it changed the volume. We moved from a world of deliberate documentation into a continuous stream of content: drafts, debates, every back-and-forth behind a decision, every convenience copy and working duplicate. Most of these files are not records. Even within repositories organized by practice, client, and matter, it’s difficult to distinguish matter record material from transitory work product, duplicates from originals, privileged and confidential information from non-privileged PII. It’s the uncertainty surrounding dark data that makes digital deletion feel dangerous.
The legal footing for deletion is not in dispute. The Sedona Conference’s Commentary on Defensible Disposition is unambiguous: absent a legal retention or preservation obligation, organizations may dispose of their information. The challenge is that legal clarity rarely translates directly into organizational confidence, and the gap between knowing you can delete and feeling certain you should is where most programs stall.
The problem, then, is not the case for deletion. It’s the confidence to execute it.
Many firms have attempted lifecycle management to facilitate deletion through a combination of policy, user-facing workflows, and even automation. The results are mixed, and the reason is consistent: most approaches put the burden of retention and disposition on timekeepers or over-tasked IG staff. Content placement strategies and user-applied retention labels require lawyers to make classification decisions on their own work, which takes time and consistency. Matter-close workflows improve on that, but work content is personal, and matter regularly lives in unapproved locations outside those workflows. Automated transfer tools that move matter content to the DMS at matter close can sweep up transient content and duplicates alongside the records, recreating the problem in a new location, adding to cloud storage costs, and requiring disposition review by IG staff. Even automated retention labels, the lowest-touch solution, don’t solve this problem because they work well in some repositories and not at all in others.
The pattern across these solutions is the same. The tools take aim at the data, but a user or an analyst remains responsible for ensuring the right data gets deleted at the right time. That’s what causes the nightmares.
Working through legacy data in the way I described in my recent posts—starting with policy, adopting a cleanup methodology, creating scenario-based disposition playbooks, and using file classification technology to discover and report data across repositories—allows IG teams to make decisions at scale. What this combination does for the analyst is change the nature of the decision in front of them. The anxiety that comes with deletion isn’t really about the files. It’s about the absence of a defensible framework for acting on them. When the framework exists, has been tested, and is approved for repeatable application, the weight of each individual decision shrinks. The deletion decision burden is taken off the analyst. They’re confirming that the conditions for deletion are met on the now-inventoried files. That’s a different cognitive state. And it’s the state from which confident, sustainable deletion work gets done.
Consider a timekeeper who has matter content stored outside of policy in OneDrive. An operationalized discovery-reporting-disposition approach allows IG to identify that content, distinguish the matter record files from the convenience copies and working drafts, and route each accordingly. If that timekeeper later departs the firm, the review of their OneDrive is a fraction of what it would have been, and the disposition decisions are clearer because much of the classification is already done.
Defensible deletion in this model isn’t a periodic cleanup event with a high-stakes checklist. It’s a continuation of an existing workflow. The rules for what require precise human review are established in advance. The data that falls outside those rules can be addressed with confidence. Once the legacy environment cleanup is complete, deletion review becomes an ongoing and repeatable part of how the team operates. Less accumulated data means a narrower scope for each review cycle and clearer criteria for disposition. The rhythm of working that way is sustainable in a way that periodic, high-stakes cleanup events never are.
This is the part the anxiety dream misses. The fear of deleting the wrong thing assumes you’re making an isolated judgment call on data you’ve never seen before, without an established framework for the decision. With operationalized information governance, the reality is that you’re applying a tested methodology based on policy to data that’s already been classified. The deletion isn’t a guess. It’s a conclusion.
I still have a data deletion dream occasionally. But it’s no longer scary. The list is now shorter, I know what’s on it, and I have a plan for exactly what to do with it.
Sources Consulted
“Sedona Conference Commentary on Defensible Disposition.” The Sedona Conference. 2019.
Kim A. Leffert and Corwin J. Carr. “Defensible Disposition of Data: Guidance from the Sedona Conference Scenario.” Mayer Brown LLP / Lexology. August 30, 2018.
“Identification and Remediation of Dark Data in Law Firms.” Law Firm Information Governance Symposium / Iron Mountain. 2015.
“AI Considerations for IG Processes.” Law Firm Information Governance Symposium / Iron Mountain. 2024.
You Have an IG Policy, Now What?” Law Firm Information Governance Symposium / Iron Mountain. 2023.