Skip to content
Andy Lawsonandylawson.uk

Information estates

Why duplicate deletion is the wrong starting point for file rationalisation

Duplicate reports make deletion look like easy progress. Without ownership, context and retention wrapped around them, they are a list of ways to hurt yourself quickly.

Andy Lawson12 July 20264 min read
Diagram of duplicate file candidates passing through a context and ownership lens before splitting into four governed outcomes: retain, consolidate, archive or exclude, each ending in an approved action.

Every estate scan produces a duplicate report, and every duplicate report produces the same reaction. The percentage looks like instant savings, the tooling offers to fix it, and someone proposes a deletion run as the obvious first win of the rationalisation.

Duplicates are a symptom of how the estate grew: teams copying what they could not share, permissions worked around, projects archived by copying everything one more time. Deleting the symptom first destroys the information you need to treat the cause, and it commonly does so in bulk.

What a hash match does not tell you

Content-identical files are the easy part to detect and the hard part to decide about. A hash match cannot tell you:

  • Which copy is the record and which is the convenience.
  • Who owns each location, and whether those owners agree.
  • Why the copy exists: an offline habit, a permissions workaround, a team boundary.
  • What retention applies in each location, which is a property of the place as much as the file.
  • What links, shortcuts and processes point at each copy and would break with it.

Two identical files are not one file twice. They are two locations with two histories and, often, two owners.

A duplicate report is a map of how the estate grew. Read it before you start cutting.

Retention lives in places, not just files

Retention and governance are commonly properties of the location: this library keeps records for the regulated period, that team share does not. Two identical files in those two places are not equivalent, whatever the hash says. Deleting the copy in the governed location and keeping the convenient one preserves the bytes and destroys the compliance position.

This is why duplicate decisions cannot be made from a report alone. The decision needs the map of which locations carry which duties, and that map is a product of classification, not of scanning.

Why the copies exist

Duplication is rarely carelessness. In many estates the copies were rational answers to real friction:

  • Sharing that was too awkward, so people copied instead of linking.
  • Permissions that blocked access, worked around by duplicating into a reachable place.
  • Offline habits from years when the network could not be trusted.
  • Project snapshots taken as insurance at every milestone.
  • Acquisition and migration imports that duplicated whole trees wholesale.

Each reason predicts the right outcome. A permissions workaround is fixed by fixing the permissions, then consolidating. A project snapshot is archive material. An acquisition import needs ownership before anything else. Delete first and every one of those signals is gone.

Context first, then the duplicate decision

Duplicate handling belongs inside classification and target mapping, where ownership and retention are already being established. Once the context exists, most duplicate cases resolve into one of a small number of shapes.

Duplicate cases and what to do with them

Identical content, one clear owner, one governed location
Consolidate to the governed copy and redirect the rest, with the owner's agreement recorded.
Identical content, different owners or teams
Not a deletion decision yet. Agree the record location between the owners, then consolidate.
Same name, different content
Not duplicates at all. Treat as versions and resolve through ownership, not through tooling.
Duplicates inside archive or retention scope
Archive under the retention rule. Disposal is a governance decision that leaves a record.
Copies whose owner has left
Route through discovery first. Unknown ownership is the risk; the duplication is incidental.

Where this sits in a rationalisation

The order that holds up is the same one that makes migrations safe.

Rationalisation in the right order

  1. 01Inventory read-onlyContent, age, ownership, access and duplication captured without changing anything.
  2. 02ClassifyCurrent, stale, duplicate, sensitive, unknown. Duplication is one signal among several, not a category of its own.
  3. 03Owners decideRetain, consolidate, archive or exclude, chosen by the people who own the content and the risk.
  4. 04Map into the targetConsolidations and redirects recorded in the source-to-target map, so nothing resolves into a gap.
  5. 05Execute with sign-offApproved actions only, with the record kept. Disposal happens on evidence, not on a report.
Funnel diagram showing many duplicate candidates narrowing through a context and ownership review into the four governed outcomes of retain, consolidate, archive and exclude.
Duplicate candidates pass through context and ownership before any of the four outcomes is chosen.

What a good consolidation record shows

Consolidation done properly leaves a record that survives scrutiny. For each duplicate group it should show:

AI changes the analysis, not the decision

AI-assisted classification makes duplicate and staleness analysis affordable at estate scale, which is exactly why the discipline matters more, not less. The analysis widens; the decision stays with owners. I have written about where AI genuinely helps in platform engineering, and read-only discovery with human approval is the operating model throughout.

The file migration readiness checklist treats duplicate handling as part of classification and mapping, which is where it belongs.