Case Study: Defensible Data Destruction and Retention Strategy at Aviva UK
Sector: Insurance & Financial Services | Focus: Data Governance, Legacy Clean-Up, Information Lifecycle Management
Background
Aviva, one of the UK’s largest insurers, traces its origins back to the late 1600s. Over centuries of operations, mergers, acquisitions, and technological evolution, the company had accumulated a vast, complex landscape of physical and digital records. Many of these records were stored in inconsistent formats across various geographies and systems—creating operational inefficiencies, increasing compliance risk, and driving up management costs.
With rising regulatory scrutiny and growing awareness of the risks and liabilities of retaining information beyond its legal requirement, the Aviva Board elevated information clean-up and lifecycle governance to a strategic priority.
The Challenge
Aviva retained Integritie, under Andrew’s leadership, to lead the design and implementation of a large-scale project to bring clarity, structure, and control to their document and data environment. The scope of the engagement included:
Discovery – Identify what documents and data were being held, where, and in what formats.
Disposition Analysis – Determine what information could be legally destroyed under relevant laws (by type, jurisdiction, and age).
Retention Governance – Identify records requiring continued retention and ensure they were brought under proper lifecycle management.
Technology Enablement – Identify and assist in selecting the right systems and partners to support both project delivery and long-term compliance for physical and digital records.
Strategic Approach
Given the massive volume of data and its spread across formats and jurisdictions, a phased and risk-managed approach was adopted. The project team narrowed the initial scope to:
Document Type: Insurance Claims
Geographic Scope: UK & Ireland
Timeframe: Past 15 years
This targeted scope enabled meaningful results within a feasible timeframe, while creating a repeatable model for broader rollout across Aviva’s global operations.
A key partner—Iron Mountain—was introduced to handle the physical document search, consolidation, and secure digitisation. Meanwhile, the technical strategy focused on automating defensible destruction processes and embedding compliant retention rules across systems.
To ensure full compliance, especially with cross-border legal complexities, guidance was taken from legal specialists and incorporated into the system design and metadata structures.
Technology Procurement & Governance
A structured vendor selection process was run to identify the most suitable Enterprise Content Management (ECM) solution. Vendors assessed included:
OpenText
Hyland
Oracle
EMC (Documentum)
Each was evaluated for:
Ability to automate retention and disposition workflows
Integration with digitised records and metadata
Flexibility in handling diverse regulatory requirements
Support for physical and digital asset management
Outcomes
A scalable, legally defensible framework was designed for both destruction and retention.
Claims documents across the UK & Ireland were brought under structured lifecycle governance.
Compliance risk was significantly reduced by eliminating information no longer required to be held.
A blueprint for full enterprise rollout was created—ready to be applied across other document types and jurisdictions.
The board received regular, transparent updates, enabling confident governance over the program’s progress and risk management.
Impact
Aviva moved from a position of reactive data handling to proactive, policy-led information governance. The project reduced regulatory exposure, drove down storage and operational costs, and improved the company’s ability to govern data across its lifecycle.
By embedding defensible destruction into both its physical and digital processes, Aviva has become an industry example of how legacy data risk can be transformed into strategic compliance and operational advantage.
