The Risks of Digital Hoarding

Digital hoarding can cause major problems for an organisation. So what are the risks, what type of person digitally hoards and why, and what can be done about it?

Hoarding disorder is recognised as a distinct psychiatric condition, and refers to people who accumulate physical items to such an extent that their daily lives become extremely difficult due to excessive clutter. This can lead to anxiety, depression and social withdrawal, and can have a negative impact on their physical health, quality of life, and economic independence.

Now research is recognising that the problem of hoarding can also spread into the digital realm.

The starting point was a case study in the British Medical Journal describing a man who obsessively took digital photographs, and would then spend so much time editing and categorising them, that his normal daily activities had become severely compromised.

While digital hoarding doesn’t impact on personal living space, it can potentially cause major problems for an organisation.

In the workplace, individuals interact with an increasingly large amount of data, and some of that data is not only valuable in relation to intellectual property and organisational security, but if it relates to personal information, then the abuse or loss of such data can lead to considerable reputational damage, and significant fines for breaching data protection legislation.

Previous studies have explored the notion of digital hoarding and found that such behaviours are relatively common. They have also found that individuals showing such tendencies are concerned about the cybersecurity risks of their behaviours, and suffer some emotional discomfort when considering it.

Keeping emails ‘just in case’

To further research in this area, our project team devised and validated a new questionnaire to measure digital hoarding behaviours in the workplace. In a follow-up study, we then interviewed employees about their digital hoarding behaviours, especially in relation to their motivations underlying such behaviours.

In the initial survey of over 400 employees, we found that some individuals had accumulated many thousands of digital files, mainly in the form of emails and text files, with some people admitting to never deleting their emails. Interestingly, the reasons for lack of deletion in relation to emails were sensible enough and related strongly to organisational commitment – people were reluctant to delete emails because of the need to provide evidence of work undertaken, a reminder of outstanding tasks, or being kept simply ‘just in case’.

The more data that is hoarded, the greater the risk that a cyberattack or an insider threat could lead to the loss of high-security information

When we asked employees to consider the potential damaging consequences to themselves and their organisation of not deleting emails, they were clearly aware of the risks, yet still showed a great reluctance to delete them. Digital hoarding behaviours were strongly associated with the physical hoarding characteristics of ‘accumulation’ and ‘difficulty deleting’, so we have some evidence that hoarding behaviours span the physical and digital realms.

The Risks of Digital Hoarding

The four types of digital hoarder

In the subsequent qualitative study we identified employees from two different organisations who scored highly in relation to digital hoarding. We then invited them back to take part in focus groups to explore their motivations around hoarding in more detail. From that we were able to identify four types of digital hoarder:

  • The collector is organised, systematic and in control of their data
  • The accidental hoarder is disorganised, doesn’t know what they have, and doesn’t have control over it
  • The hoarder by instruction keeps data for their company
  • The anxious hoarder has strong emotional ties to their data and is worried about deleting it.

It may not seem at first that such behaviours are problematic (data storage is cheap and essentially limitless thanks to cloud storage) but there are risky consequences of such behaviours:

  1. Accumulating many thousands of emails/files is inefficient and can have a knock-on effect for workplace productivity and efficiency.
  2. The more data that is hoarded, the greater the risk that a cyberattack or an insider threat could lead to the loss of high-security information, intellectual property or personal data. Even if there is no external malicious data theft, the chance of accidentally releasing or losing large quantities of sensitive information is high.
  3. There is an environmental risk of data hoarding; large data servers use considerable amounts of energy thus impacting negatively on an organisation’s carbon footprint.

Our research is now focussing on how digital hoarding might relate to information security compliance and insider threat behaviours, with the aim being to provide guidance to individuals and organisations on how they can better protect themselves against the risks of digital hoarding.


About the author

Nick Neave is an Associate Professor at Northumbria University

Tags from the story
, , , ,