The trends in the industry are: There are over 50 Class Action FACTA
Lawsuits about data loss, Universities are pursuing ultra high
security measures to protect their students' private information,
(these according to ARMA's recent email) and SOX, Rule 26, GLB, ESI,
and Rule 37 create tremendous regulatory pressure on corporations to
protect their secure data, corporations are contracting with Brink's
Armored Transport and Dunbar and Wells Fargo to make sure their data
is secure from portal to portal. A whole new breed of offsite Media
Vaulting companies are developing. The Identity Theft requirements
of making public (read hugely embarrassing and stock value crashing
here) disclosure within 45 days mandatory or the corporation is
liable for contingent liability.
At the recent PRISM Conference, the hottest topics were on Media
Storage and how to do it right. A whole new publication on the ideal
operational practices for media storage was presented. The offsite
storage industry is reacting. PRISM is being responsive to their
members' clients by exploring heightened security. At the NAID
Conference all they talk about is security. They have a
Certification Program that is highly effective. The industry is much
more secure now than 5 years ago.
Corporations have let it be known that either you improve security or
we will pull it back in house. Disk to Disk mirroring is on the
rise. Our Server Vaulting division has taken a big jump in
popularity as corporations look for new measures to protect data at
its genesis. The average life of a box in storage has been
drastically reduced.
Reasons for this: SOX "pierces the corporate veil" thus making the
Board of Directors directly liable for any loss of data or other
malfeasance. NO OTHER LAW HAS SOUGHT TO PIERCE THE CORPORATE VEIL
QUITE LIKE THIS! In reaction to this: The Corporate Boards have
created Audit Committees to the Board; with at least one a financial
wizard to be able to interpret data to make sure they are
representing things properly and this committee has much more power.
This Audit Committee is extremely important with a great deal of
power. Records Managers will be hearing from them or better yet,
you seek them out. If not, Rule 37 and 45 will send them to your
door. Over 80% of corporate boards feel they would not measure up to
a request for electronic discovery and this is an opening for you.
99 days is a very short fuse to present all of your data mapping and
formats to discovery. Can you provide the inventory of every box in
your program accurately?
Meanwhile, the Congress is developing new laws to make those party to
a loss be responsible for a portion of the cost based on their
culpability. So if you are a third party processor you need to step
it up. If you are an offsite storage company you need to really put
tight management control on your software, delivery staff and in-
house management of media to make sure what comes in, stays in; and,
what is to be delivered is delivered to the right person and an audit
trail is developed to prove it.
One issue that might reflect badly on records management is that the
new laws will require some identification of what is exposed in each
box of records. In computer media, the IT manager can develop a
listing of exactly what was lost on a tape and even a laptop that was
stolen if they are in a standard protocol back up plan. If you cannot
identify what is in each and every box you store offsite you expose
your corporation and others to liability. Are you prepared for
this? A good records manager with proper tracking software should be
able to tell what is in every box. Is it private data or accounting
records that are published in the annual report and therefore no risk
if exposed? You will need to know. Your Board does not think so.
So is everybody moving to the beat of the same drummer.......?
Not exactly!
Some Records Storage Contracts now state that if the corporation
storing your data loses or exposes your data, that you are not
permitted to disclose the name of that entity causing the loss. This
leaves the damaged party left alone to take the blame, which in some
cases is not their fault. Also, permanent removal fees are being
written into media storage contracts. Here is a chance to speak up
and talk about why contracts should be reviewed. Paper is locked in
place unless you go to court to free it up. Don't allow this to
happen to media too!
The interpretation of signing a permanent removal (hostage fee) with
a vendor may be construed as a tacit acceptance of all their security
and procedures as you are making it difficult for future directors or
management to ever move to a new vendor. That is a totally new danger
to allowing your records to be tied up in hostage fees.
So again, here is another reason why Records Managers should be
looking over the shoulder of IT. They are just now seeing these
attempts to hold them hostage. There is no longer a separation
between the two empires. The new laws out of Washington will put now
liability on everyone and RM's and IT need to talk. Just look at the
new laws and you will see you are entwined by law.
Congress (with pressure from Wall Street) is basically taking the
Classic approach of 'Inveniemus Viam aut Faciemus.' "We will find a
way, or we will make one." By September you need to have your own
house in order and you cannot do that working independently of IT.
Hugh Smith
FIRELOCK Fireproof Modular Vaults
(610) 756-4440 Fax (610) 756-4134
WWW.FIRELOCK.COM
List archives at http://lists.ufl.edu/archives/recmgmt-l.html