RECMGMT-L Archives

Records Management

RECMGMT-L@LISTSERV.IGGURU.US

Sender: Records Management Program <[log in to unmask]>
Subject:
From: Hugh Smith <[log in to unmask]>
Date: Thu, 24 May 2007 12:48:39 -0400

The trends in the industry are:  There are over 50 Class Action FACTA  
Lawsuits about data loss, Universities are pursuing ultra high  
security measures to protect their students' private information,
(these according to ARMA's recent email) and SOX, Rule 26, GLB, ESI,  
and Rule 37  create tremendous regulatory pressure on corporations to  
protect their secure data, corporations are contracting with Brink's  
Armored Transport and Dunbar and Wells Fargo to make sure their data  
is secure from portal to portal. A whole new breed of offsite Media  
Vaulting companies are developing.  The Identity Theft requirements  
of making public (read hugely embarrassing and stock value crashing
here) disclosure within 45 days mandatory or the corporation is  
liable for contingent liability.

At the recent PRISM Conference, the hottest topics were on Media  
Storage and how to do it right.  A whole new publication on the ideal  
operational practices for media storage was presented.  The offsite  
storage industry is reacting.  PRISM is being responsive to their  
members' clients by exploring heightened security.  At the NAID
Conference all they talk about is security.  They have a  
Certification Program that is highly effective. The industry is much  
more secure now than 5 years ago.

Corporations have let it be known that either you improve security or  
we will pull it back in house.  Disk to Disk mirroring is on the  
rise.  Our Server Vaulting division has taken a big jump in  
popularity as corporations look for new measures to protect data at  
its genesis. The average life of a box in storage has been  
drastically reduced.

Reasons for this:   SOX "pierces the corporate veil" thus making the  
Board of Directors directly liable for any loss of data or other  
malfeasance.  NO OTHER LAW HAS SOUGHT TO PIERCE THE CORPORATE VEIL  
QUITE LIKE THIS!  In reaction to this: The Corporate Boards have  
created Audit Committees to the Board; with at least one a financial  
wizard to be able to interpret data to make sure they are  
representing things properly and this committee has much more power.   
This Audit Committee is extremely important with a great deal of  
power.   Records Managers will be hearing from them or better yet,  
you seek them out.  If not, Rule 37 and 45 will send them to your  
door.  Over 80% of corporate boards feel they would not measure up to  
a request for electronic discovery and this is an opening for you.   
99 days is a very short fuse to present all of your data mapping and  
formats to discovery. Can you provide the inventory of every box in  
your program accurately?

Meanwhile, the Congress is developing new laws to make those party to  
a loss be responsible for a portion of the cost based on their  
culpability.  So if you are a third party processor you need to step  
it up.  If you are an offsite storage company you need to really put  
tight management control on your software, delivery staff and
in-house management of media to make sure what comes in, stays in; and,
what is to be delivered is delivered to the right person and an audit  
trail is developed to prove it.

One issue that might reflect badly on records management is that the  
new laws will require some identification of what is exposed in each  
box of records.  In computer media, the IT manager can develop a  
listing of exactly what was lost on a tape and even a laptop that was  
stolen if they are in a standard protocol back up plan. If you cannot  
identify what is in each and every box you store offsite you expose  
your corporation and others to liability.  Are you prepared for  
this?  A good records manager with proper tracking software should be  
able to tell what is in every box.  Is it private data or accounting
records that are published in the annual report and therefore no risk  
if exposed?  You will need to know. Your Board does not think so.

So is everybody moving to the beat of the same drummer.......?
Not exactly!

Some Records Storage Contracts now state that if the corporation  
storing your data loses or exposes your data, that you are not   
permitted to disclose the name of that entity causing the loss. This  
leaves the damaged party left alone to take the blame, which in some
cases is not their fault.  Also, permanent removal fees are being  
written into media storage contracts.  Here is a chance to speak up  
and talk about why contracts should be reviewed.  Paper is locked in  
place unless you go to court to free it up. Don't allow this to  
happen to media too!

The interpretation of signing a permanent removal (hostage fee) with  
a vendor may be construed as a tacit acceptance of all their security  
and procedures as you are making it difficult for future directors or  
management to ever move to a new vendor. That is a totally new danger  
to allowing your records to be tied up in hostage fees.

So again, here is another reason why Records Managers should be  
looking over the shoulder of IT.  They are just now seeing these  
attempts to hold them hostage. There is no longer a separation  
between the two empires.  The new laws out of Washington will put now  
liability on everyone and RMs and IT need to talk.  Just look at the
new laws and you will see you are entwined by law.

Congress (with pressure from Wall Street)  is basically taking the  
Classic approach of 'Inveniemus Viam aut Faciemus.'  "We will find a  
way, or we will make one."  By September you need to have your own  
house in order and you cannot do that working independently of IT.


Hugh Smith
FIRELOCK Fireproof Modular Vaults
[log in to unmask]
(610)  756-4440    Fax (610)  756-4134
WWW.FIRELOCK.COM

List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance