 
| Mime-Version: |
1.0 (Mac OS X Mail 8.2 \(2104\)) |
| Sender: |
|
| Date: |
Wed, 20 Jul 2016 10:12:19 -0400 |
| Reply-To: |
|
| Subject: |
|
| Content-Transfer-Encoding: |
quoted-printable |
| In-Reply-To: |
|
| Content-Type: |
text/plain; charset=utf-8 |
| From: |
|
| Parts/Attachments: |
|
|
> From: Patrick Cunningham <[log in to unmask] <mailto:[log in to unmask]>>
> Subject: Re: Google deletes artist’s blog, email due to ToS violation
Patrick,
I thought you provide excellent illustrations of how records management interfaces with different types of Cloud. You are right, that one gets what one pays for and free services are risky.
> In most instances, an organization can
> contractually bind the provider to certain terms and conditions to ensure
> confidentiality, integrity and availability of the data being held by the
> provider. Data localization can also be agreed upon.
The good fences and good contracts make great neighbors. But I would also point out that some Cloud service providers who burst on the scene and looked sharp are no longer with us. And if they fail and shut down there is little once can do to a bankrupt firm.
But you also brought out a good point that the owner of the Cloud may change. As information assets move offshore, the laws that govern them and the ability to enforce laws may be difficult.
> We then looked at the IP address of that website and found that it was
> going to a "cloud" provider in South Africa. We stopped what we were doing
> and called by law firm. The partner claimed that the law firm was hosting
> the site, onsite in their server room. When presented with the evidence we
> had, he called in his tech guy. Well, it seems that BigLawFirm contracted
> with Jim-Bob. Jim-Bob contracted with Billy-Joe for CPU and disk space, but
> Billy-Joe had contracted with the South African "cloud" to provide that CPU
> and disk, Oh, and the South African cloud was owned by a Japanese telecom
> that was being bought by a Chinese company (I am dead serious about that).
How does one keep track of where their Cloud is on any given day.
This is similar to records storage clients who find their offsite provider being bought out by a larger company. Soon their records are no longer 5 miles away or 10 miles away. They may be moved into three or four different warehouses in different cities and states as happened with a large concrete manufacturer here in the Lehigh Valley. Deliveries changes from call today and delivery is tomorrow to the delivery being changed to 2 to 4 days for a delivery based on when the large companies trucks might be able to travel to all the different locations. The concrete company was never told this event could occur.
Contracts can come apart when an acquisition happens. This is where I think the records manager has a real advantage as they have seen the tricks that can happen when records stored with one company (with no notice due to non-disclosure clauses) move to another company.
Will a company like Amazon let you insert your own language into a contract or are they rigid?
How many records managers that have offsite storage have clauses that require their storage company to openly disclose a pending sale in advance of the sale? I heard IBM and DELL argue this point that offsite media storage providers have a responsibility to disclose if they will sell the tape storage to a third party. The storage service provider argue that they are bound by a Non-Disclosure Clause.
Do you negotiate in your Cloud service providers a requirement that if they sell to a third party or have financial problems that they must have a program to return your Cloud storage to you or at the least prove it was destroyed?
We built a ServerVault for a client who provides a form of Cloud in that the client installs their own servers in his data center. They pay for rack space. But the servers, jukeboxes and the data housed within still belong to the Owner/client. When the contract ends, the Owner can pick up their servers with their data and take it somewhere else. But it is safe.
Security is something that seems to be fading away. One of the great things about NAID is they offer Certification. For a period of time Alan Andolsen would audit these firms and make sure they followed all of the rules. Outside of NAID where is that certification of security for records.
I enjoyed your discussion.
Hugh Smith
FIRELOCK Fireproof Modular Vaults
[log in to unmask]
(610) 756-4440 Fax (610) 756-4134
WWW.FIRELOCK.COM
List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
To unsubscribe from this list, click the below link. If not already present, place UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of the message.
mailto:[log in to unmask]
|
|
|
