Bruce Schneier has codified another lesson from the Sony Pictures hack: companies should know what data they can safely delete. He says, “One of the social trends of the computerization of our business and social communications tools is the loss of the ephemeral. Things we used to say in person or on the phone we now say in e-mail, by text message, or on social networking platforms. … Everything is now digital, and storage is cheap — why not save it all?

Sony illustrates the reason why not. The hackers published old e-mails from company executives that caused enormous public embarrassment to the company.

Schneier recommends organizations immediately prepare a retention/deletion policy so in the likely event their security is breached, they can at least reduce the amount of harm done.

http://arstechnica.com/security/2015/01/the-importance-of-deleting-old-stuff-another-lesson-from-the-sony-attack/