Blog
08 Apr 2026

IM BLOG: Digital Disposal: Why Organisations Keep Putting It in the Too Hard Basket

Digital disposal is the thing we all know we should be doing, but somehow it keeps sliding to the bottom of the priority list. We've got old data sitting around, often unpatched and vulnerable.

Bethany Sinclair-Giardini - Digital Disposal Image.png

Digital disposal is the thing we all know we should be doing, but somehow it keeps sliding to the bottom of the priority list. We've got old data sitting around, often unpatched and vulnerable. We've got line of business systems (HR, Finance, Assets, CRM) that aren't configured to properly manage the full lifecycle of information assets. And we've got network drives that, frankly, need to die. Like now. Nobody needs these anymore, so why are they still being used?

The truth is, digital disposal isn't happening in most organisations because we've let it become a bolt-on afterthought rather than a fundamental part of how systems are designed and implemented. And that's not just an inconvenience - it's a risk that executives really don't like when you spell it out for them.

The Reality Check: Where Does Digital Disposal Sit in Your Organisation?

You need to ask: does your organisation carry out regular digital disposal that follows a fully compliant, defensible destruction process? If you're like most organisations, the answer is probably no or at best, sort of.

The problem isn't that people don't care about compliance or risk management. It's that digital disposal has become orphaned in the organisational structure. Information practitioners often aren't at the table when procurement decisions are made. They're not in the room when vendors present their shiny new systems. And by the time implementation rolls around, the metadata structures and workflows needed for proper lifecycle management aren't built into the configuration, they're an expensive retrofit that never quite works as it should.

Meanwhile, we're relying on systems integration to manage information assets from other line of business systems, but those systems weren't designed with information management principles in mind. The result? Data silos, abandoned legacy systems that never get properly dismantled and information assets scattered across platforms with no clear disposal pathway.

A Healthy Dose of Risk (and Reality)

Let's add some perspective to why this matters beyond compliance. Managing information assets is a three-legged stool: cybersecurity, data governance and information management. Remove one leg and the whole thing topples.

Consider these risks:

  • Old data is vulnerable data - legacy information sitting in unpatched systems is a cybersecurity incident waiting to happen
  • AI without proper governance - organisations rushing to implement AI solutions without understanding what data they're feeding into these systems is asking for trouble
  • Crown jewels unprotected - if you can't properly classify and dispose of information, how do you know where your organisation's most valuable and sensitive data actually lives?

Cybersecurity relies on information being fully mapped for data classification, disposal and business value. You can't protect what you can't see and you can't dispose of what you can't manage. Information management isn't separate from cyber and data governance, it's the connective tissue that makes both work.

The Digital Disposal To-Do List (That Actually Works)

So what can records and information managers do about it? Here's a practical roadmap that puts you back in the driver's seat:

Get in the room early:

  • Ensure IM has a seat at the table during procurement
  • Be present for vendor presentations and ask the awkward questions
  • Review contracts to understand who controls cloud backups and whether you can actually access your data

Build it in, don't bolt it on:

  • Ensure metadata and workflows for disposal are configured into systems from the start
  • Participate in user acceptance testing and speak up if the configuration doesn't meet requirements
  • Design systems so IM is invisible to users, they should be doing information management without even knowing it

Clean up the mess:

  • When implementing new records systems, completely dismantle old ones, migrate or dispose of data properly
  • Kill those network drives (seriously, they need to go)
  • Tackle data silos systematically rather than letting them accumulate

Invest in your people:

  • Upskill IM teams to become digital information specialists, if your organisation isn't doing this, they're failing you
  • Embrace the evolution from digital archivist to information architect
  • Don't let IT take over these functions by default while you revolve around them

Show the value:

  • Demonstrate how proper disposal reduces risk and supports cybersecurity objectives
  • Connect IM outcomes to executive priorities like compliance, efficiency and risk reduction
  • Position information management as fundamental, not optional

Evolve, Don't Revolve: The Time Is Now

There's a real risk that records management ends up as the hole in the middle of the donut while IT, data and systems teams move around us at an unprecedented rate. We can't let that happen.

Instead, we need to become the jam in the donut, the sweet spot that binds everything together and makes the entire enterprise compliant. Digital disposal isn't an afterthought or a nice-to-have. It's fundamental and crucial and it needs to be there from the beginning.

Yesterday's digital archivists are today's information architects. The role is evolving whether we choose to evolve with it or not. The question is: will we actively shape that evolution or will we find ourselves sidelined while other professionals fill the gap we've left?

The organisations that get digital disposal right aren't the ones with the fanciest technology or the biggest budgets. They're the ones where information management professionals have claimed their rightful place in procurement, configuration, implementation and governance conversations. They're the ones where disposal isn't an annual panic but a designed-in process that happens automatically, defensibly and continuously.

The time to evolve is now. Not next quarter when the budget is approved. Not next year when the new system goes live. Now. Because every day we wait, the data accumulates, the risks compound, and the task becomes more daunting.

So let's stop putting digital disposal in the too hard basket. Let's acknowledge the risks, equip ourselves with the right skills and authority and build disposal into every system, every process and every conversation about information management. We need to evolve our roles, demonstrate our value and ensure that digital disposal becomes as routine and fundamental as digital creation.

Because if we don't, we're not just failing to manage information - we're creating liabilities that our organisations can't afford to carry.

Meet your blog author:

Dr Bethany Sinclair-Giardini CXRIM MRIM

Bethany.png

 

Bethany works for Technology One, working on their Enterprise Content Management module through system design, client requirements, and training. A digital archivist and information architect with over 30 years’ experience, she bridges IT and IM, applying her PROSCI Change Management expertise to digital transformation.

A RIMPA Ambassador and member of AISA and The SABSA Institute, she is passionate about information governance and connecting technology, recordkeeping, privacy, and cyber. Known as a dedicated advocate and generous sharer of knowledge, Bethany is a familiar voice in the RIMPA Community.

Email: [email protected]

LinkedIn

Return to listing