10 Feb 2026

IM Blog: The Most Expensive Mistake: Why “Records Retention is Too Expensive” is Dead Wrong

If you think records retention is too expensive, this blog shows why the real cost lies in productivity losses, legal exposure, data breaches and the far greater price of doing nothing.


“We can’t afford records retention right now.”

Every time I hear that phrase I want to ask: Compared to what? Bankruptcy? Crippling lawsuits? A complete operational meltdown?

Budgets are tight, but claiming records retention is too expensive is like saying insurance costs too much while your building is made of matchsticks. You’re not saving money, you’re setting a financial time bomb.

You’re Already Paying (Just for Chaos)

You’re already doing records management - you’re just doing the most expensive, least effective version of it.

IDC research shows knowledge workers spend an average of 2.5 hours a day (about 30% of their time) searching for information. In an organisation of 1,000 employees earning $80,000 annually, that’s over $26 million in lost productivity every year. Suddenly, investing in retention and disposal doesn’t look like a cost – it’s a major saving.

Without a structured retention and disposal schedule, organisations become digital hoarders. Redundant, obsolete and trivial data consumes information storage, slows systems and clutters search results. The DSPANZ Data Minimisation and Retention Best Practice Guide reinforces this: keeping only what you need, for only as long as you need it, reduces cost, risk and complexity.

When the Lawyers Come Calling

Nothing transforms “we can’t afford retention” into pure panic faster than a lawsuit.

In Australia, discovery costs often account for 10–20% of total litigation spend. For example, one Federal Court case had about $375,000 in discovery costs within a $2.7 million total litigation bill (alrc.gov.au). Without clear retention and disposal schedules, everything becomes potentially discoverable and costlier to manage.

Recent cases prove the point. In 2022, the U.S. SEC fined Wall Street firms hundreds of millions of dollars collectively for recordkeeping failures. In Australia, the Corporations Act 2001 requires companies to keep financial records for seven years and non-compliance carries penalties of up to $26,640 per offence. That’s before reputational damage is even counted.

The Breach and Ransomware Reality

Every unnecessary record you keep is a liability.

IBM’s 2024 Cost of a Data Breach Report put the global average cost at US$4.88 million, with healthcare breaches averaging nearly $10 million. Ransomware attacks now routinely exfiltrate data before encrypting it, threatening exposure unless a ransom is paid.

Data minimisation, as DSPANZ stresses, is your strongest defence. Organisations with robust retention and disposal schedules reduce their attack surface, contain breaches faster and recover at lower cost. Hoarders pay dearly.

Compliance Is Non-Negotiable

Retention is not just about saving money, though; it’s about meeting your obligations.

  • GDPR (EU): fines up to €20 million or 4% of global revenue.
  • HIPAA (US): penalties from $127 to $1.9 million per violation.
  • Privacy Act (AUS): fines up to $50 million or 30% of annual turnover.
  • Privacy Act (NZ): fines up to $10,000.

A defensible retention and disposal schedule is the clearest way to demonstrate compliance. Regulators don’t expect perfection, but they do expect clear, systematic processes.

The Innovation Dividend

Executives often miss the upside: retention isn’t only about risk - it enables innovation.

When staff can find what they need quickly, productivity soars. When research teams can locate and build on prior work, rather than reinventing it, innovation accelerates. Deloitte estimates poor information practices cost large organisations $2.5 million annually in lost productivity.

Well-governed organisations treat information as a strategic asset, not a digital dumping ground. The ability to leverage knowledge becomes a competitive advantage.

The Real Numbers

For a mid-sized Australian organisation (500–2,000 employees), implementing retention looks like this:

  • Setup costs: $150,000–$400,000
  • Annual maintenance: $50,000–$100,000

Now compare that with the costs of doing nothing:

  • Average data breach: $7.3 million
  • Regulatory fines: up to $50 million
  • Litigation discovery: $375,000
  • Productivity losses: $26 million annually in a 1,000-person company

It takes only one lawsuit avoided or one breach contained to pay for a program many times over.

The Bottom Line

In decades of working in this industry, I’ve never seen an organisation fail because they implemented proper retention and disposal. I’ve seen plenty stumble, and some collapse, because they didn’t.

The choice isn’t whether you can afford a retention and disposal schedule. It’s whether you can afford the consequences of not having one. Every day you delay increases your exposure to legal, regulatory and operational risks that dwarf any setup costs.

So the next time someone says, “Records retention is too expensive,” tell them the numbers. Then ask, “Compared to what?”

Because the most expensive mistake is pretending the problem will go away on its own.

 

Meet your blog author:


 

Peta Sweeney CXRIM FRIM (Life), Information and Content Specialist, RIMPA Global