I believe that this is something that should be of interest and/or concern
to all information professionals. There's a great reason for it: email.
After all, anything that goes outside your firewall is out of your control -
so even though you manage your email effectively and correctly, keeping it
according to content and not media, and keep it for 3 years, or 7, or
whatever based on the retention schedule, if you get rid of it you have no
way to force everyone else to get rid of it. So the day after you get rid of
it, the law firm of Murphy & Murphy (M&M) serves you with a subpoena. You
respond that you don't have it and got rid of it; M&M responds that they do.
DRM allows you to force the expiration of your content...but as several in
the list have already pointed out, there are a number of issues with this,
including whether emails could be forwarded, CCd, BCCd, *printed*....
In my mind the state of encryption matters only to this point: if the DRMed
record is still supposed to be accessible, you'd need to give up the keys or
face the negative consequences of not doing so (or not being able to do so).
If it *isn't*, and the one-way encryption and discarded key are analogous to
shredding a physical record, that's it. No harm, no foul, by definition.
This is what Decru and others do with their "file-shredding" technology.
I am not a lawyer, and can't even play one on TV, but I'd think this
approach would be pretty defensible AS LONG AS the previous assertion holds
- that is, the record was DRMed or encrypted in accordance with the RRS and
normal course of business, no litigation present or anticipated, etc. I'd
also document in policy and procedures that that is the normal course of
business for destruction of electronic records.
Cheers,
Jesse Wilkins
CDIA+, LIT, ICP, edp, ermM, ecmS
IMERGE Consulting
[log in to unmask]
(303) 574-1455 office
(303) 484-4142 fax
YIM: jessewilkins8511
Chair, AIIM Master Accreditation Committee
Chair, ARMA Glossary Task Force
-----Original Message-----
From: Records Management Program [mailto:[log in to unmask]] On Behalf
Of Deidre Paknad
Sent: Wednesday, August 09, 2006 1:09 PM
To: [log in to unmask]
Subject: Re: FW: Stellent Acquires SealedMedia and Bitform
The notion of using encryption to end the retention lifecycle of a document
is an interesting one. The document still exists physically although it is
very very difficult (expensive) to open. Is it therefore discoverable and
what obligations if any might companies have to produce it in litigation?
If the keys exist somewhere (anywhere), then are there instances where that
file must be collected and produced? Certainly, the preservation and legal
holds issues will be non-trivial in terms of managing the keys. Disposal
of keys rather than the file is sort of the opposite of the DoD erasure
standard isn't it?
Thoughts? Any experiences opening encrypted files in litigation?
Deidre
________________________________
From: Records Management Program on behalf of Taina Makinen
Sent: Wed 8/9/2006 11:54 AM
To: [log in to unmask]
Subject: Re: [RM] FW: Stellent Acquires SealedMedia and Bitform
Doug Allen wrote:
I wonder how the incorporation of "digital rights" capabilities will match
with the real records management issues based on the announcement on
Stellant's acquisition. Anyone want to begin taking bets?
According to the press release I saw, the digital rights components will
"allow records and retention rules to move with the content, wherever it
goes... even if the document has been stored locally or emailed...". From
information at the SealedMedia site (www.sealedmedia.com), it appears that
users will need to load special software on any external devices (laptops,
etc.) that hold the records; the software will communicate with a license
server, presumably to enforce whichever access or retention rules apply to
the records in question. Sounds too good to be true, or rather, sounds too
good to be true to life. ;)
Cheers,
Taina Makinen
Vital Records Specialist
Canadian Tire Corporation
****************************************************************************
*******************************************
This message, including any attachments, is privileged and may contain
confidential information intended only for the person(s) named above. If
you are not the intended recipient or have received this message in error,
please notify the sender immediately by reply email and permanently delete
the original transmission from the sender, including any attachments,
without making a copy. Thank you.
Ce message, y compris toutes ses pièces jointes, est confidentiel et peut
contenir des renseignements destinés uniquement aux personnes dont le nom
est indiqué ci-dessus. Si vous n'êtes pas le destinataire prévu ou si vous
avez reçu ce message par erreur, veuillez en aviser l'expéditeur
immédiatement, en lui répondant par courriel. Veuillez aussi supprimer
définitivement le message original de l'expéditeur, y compris toute pièce
jointe, sans faire de copie. Merci.
List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
|
