RECMGMT-L Archives

Records Management

RECMGMT-L@LISTSERV.IGGURU.US
Options: Use Forum View

Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: RM Outsource to India or Ireland or Switzerland?
From:
Hugh Smith <[log in to unmask]>
Reply To:
Records Management Program <[log in to unmask]>
Date:
Mon, 2 Oct 2006 19:35:08 -0400
Content-Type:
text/plain
Parts/Attachments:
text/plain (143 lines) 
On Oct 2, 2006, at 12:00 AM, RECMGMT-L automatic digest system wrote:

> From:    Jaspal Dugal - Sterling Solutions <[log in to unmask]>
> Subject: Re: RM Outsource to India and Elsewhere

In the article that Mr. Dugal provided it referenced the penalties for 
conviction of data theft or breaches as follows:

"Currently, the penalty on conviction of a data related crime in India 
is up  to two years’ imprisonment and a fine of up to INR 200,000 
(US$4,500).  Employers have been reminding employees of the law in the 
wake of the recent  publicity to deter any rogue employees who might be 
tempted to act maliciously.  The Government of India is working with 
the BPO industry in a review of whether  the law is sufficiently tough 
in this area."

In a country where the penalty for data theft is equivalent to the 
penalty for shoplifting in the United States, the value proposition to 
the thief is that the value of the data is extremely high in proportion 
to the penalty.  If we view data as being as valuable as gold and 
diamonds look at the penalties for theft of gold and diamonds.

In gold mines and diamond mines, extensive technology and security 
measures are in place because the temptation to steal is so strong.  If 
I enter a Jewelry Store the diamonds are not laying out on a counter 
because the amount of theft would be astronomical.  Clearly, recent 
thefts and the articles that surely follow have not only told the 
thieves what this material is worth, but who the buyers are and that 
you can resell the same data over and over again as it does not lose 
value in propagation.  Selling it need not even take place in person as 
theft can occur  electronically.

But for a moment ignore the value to the thief and lets focus on the 
cost to the Owner of the data who has unleashed the Pandora's Box with 
absolutely no way to put the data back in the box.  The University of 
Texas has spent millions to fix their data theft and that is only to 
protect them from it happening again. The true cost to the 269,000 
alumni that lost their personal privacy and financial data to who 
know's who?

Data security comes back to being a people issue.  Control of the 
people handling the data is critical.

My concern is that companies outsource their data processing offshore 
without any rights by the clients to have input until it is too late.  
As long as the data is in the country of origin, then you have some 
control in your courts for redress.  But lengthening the supply line in 
war or in data transfer creates danger. There is also a stability issue 
in foreign countries where the someone who appears to be your friend 
may turn out to under the control of another entity?  Or if the 
government is unstable?  People come to the United States, the UK and 
Canada due to the stability of the governments as this protects their 
asset value.

A great example is Ireland, in the past executives avoided Ireland due 
to issues with the IRA and Northern Ireland.  But Ireland stabilized 
these issues by prosperity across the region. Previously the 
instability caused concern but suddenly it was safer to conduct 
business in Ireland than other places.  It has become The Digital 
Capital of the European Union.

I recently went to Ireland thinking that I would talk about the 
business model in the United States but instead found out that Ireland 
is using cutting edge technology and they value security of the data as 
a chief priority.  They catalog paper storage down to the individual 
files not just by the box so they have redundant file tracking.  They 
have streamlined their imaging and scanning by going high speed to 
digital.  Filestores had seven vaults. Six concrete type for vital 
paper documents and one FIRELOCK Vault so that they could offer their 
clients a myriad of solutions.  The security on their building was well 
designed with two rows of fencing to bring a vehicle on site with 
access control, CCTV and security personnel on site, and their own IT 
department that could talk tech talk to their clients. Evaulting and 
Disk to disk.  Co-location capabilities. Top line software and tracking 
technology.  Redundant processes for checking in and out media to 
prevent lost media.  So what can I talk about when they are already on 
the cutting edge.

Hey, what happened to the U.S. being the leader in technology 
implementation?  I think we still lead in development of technology but 
maybe not.  But surely as soon as technology is developed, smart 
players around the world adopt the most practical technology as they 
recognize that media insecurity is the achilles heel of so many 
companies right now.

Soon Filestores will have facilities all over Ireland to leverage this 
investment in security but I am sure this was costly to lead with 
security when their largest competitors view security as an after 
thought.  So this enhanced security trend is spreading across the 
world; so the question may not be whether outsourcing is viable, but 
whom should you choose to provide this service. Data security comes 
back to being a people issue.  In some companies the staff are like 
families or family is interspersed in the staff.

If your vendor states that your records and media is next to worthless 
because the vendor internally classifies these records as "Inactive" 
then the failure is not with them but your own standards.  Who you 
choose to store with is an exact image of how you feel about your 
records and media. If you store in India now because it is cheap then 
will you move it to China because it is even cheaper.  Sad to say for 
many the answer is yes.  I worry about companies that make price the 
primary factor in their value proposition?

Records Managers need to be accountable for writing Service Level 
Agreements that protects their organization's interests.  Once that is 
done, you need to assure yourself and legal combined need to certify  
that this agreement can be enforced.  A Court in the Northeast affirmed 
that records have value, other case law exists in this area as well.

Ireland, Switzerland and Australia may be data havens in the future 
because they have few enemies and that is a value in this world of 
terrorism we live in.  But having a discussion on this to determine 
what our strategy on this should be is a worthwhile records management 
topic. But tomorrow may bring a new set of criteria.

The Vatican City was once a safe environment.  Can we say the same 
today?  Our world is changing and our perceptions and realities need to 
change with it.


Hugh Smith
FIRELOCK Fireproof Modular Vaults
[log in to unmask]
(610)  756-4440    Fax (610)  756-4134
WWW.FIRELOCK.COM

This message (including any attachments) is confidential and may be 
privileged. If you have received it by mistake please notify the
sender by return e-mail and delete this message from your system. Any 
unauthorized use or dissemination of this message in whole or in part 
is
strictly prohibited. Please note that e-mails are susceptible to 
change. Banc Tecnic Inc. dba FIRELOCK shall not be liable for the 
improper or incomplete transmission of the information contained in 
this communication nor for any delay in its receipt or damage to your 
system. FIRELOCK does not guarantee that the integrity of this 
communication has been maintained nor that this communication is free 
of viruses, interceptions or interference.


List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance

ATOM RSS1 RSS2