On Oct 2, 2006, at 12:00 AM, RECMGMT-L automatic digest system wrote:
> From: Jaspal Dugal - Sterling Solutions <[log in to unmask]>
> Subject: Re: RM Outsource to India and Elsewhere
In the article that Mr. Dugal provided it referenced the penalties for
conviction of data theft or breaches as follows:
"Currently, the penalty on conviction of a data related crime in India
is up to two years’ imprisonment and a fine of up to INR 200,000
(US$4,500). Employers have been reminding employees of the law in the
wake of the recent publicity to deter any rogue employees who might be
tempted to act maliciously. The Government of India is working with
the BPO industry in a review of whether the law is sufficiently tough
in this area."
In a country where the penalty for data theft is equivalent to the
penalty for shoplifting in the United States, the value proposition to
the thief is that the value of the data is extremely high in proportion
to the penalty. If we view data as being as valuable as gold and
diamonds look at the penalties for theft of gold and diamonds.
In gold mines and diamond mines, extensive technology and security
measures are in place because the temptation to steal is so strong. If
I enter a Jewelry Store the diamonds are not laying out on a counter
because the amount of theft would be astronomical. Clearly, recent
thefts and the articles that surely follow have not only told the
thieves what this material is worth, but who the buyers are and that
you can resell the same data over and over again as it does not lose
value in propagation. Selling it need not even take place in person as
theft can occur electronically.
But for a moment ignore the value to the thief and lets focus on the
cost to the Owner of the data who has unleashed the Pandora's Box with
absolutely no way to put the data back in the box. The University of
Texas has spent millions to fix their data theft and that is only to
protect them from it happening again. The true cost to the 269,000
alumni that lost their personal privacy and financial data to who
know's who?
Data security comes back to being a people issue. Control of the
people handling the data is critical.
My concern is that companies outsource their data processing offshore
without any rights by the clients to have input until it is too late.
As long as the data is in the country of origin, then you have some
control in your courts for redress. But lengthening the supply line in
war or in data transfer creates danger. There is also a stability issue
in foreign countries where the someone who appears to be your friend
may turn out to under the control of another entity? Or if the
government is unstable? People come to the United States, the UK and
Canada due to the stability of the governments as this protects their
asset value.
A great example is Ireland, in the past executives avoided Ireland due
to issues with the IRA and Northern Ireland. But Ireland stabilized
these issues by prosperity across the region. Previously the
instability caused concern but suddenly it was safer to conduct
business in Ireland than other places. It has become The Digital
Capital of the European Union.
I recently went to Ireland thinking that I would talk about the
business model in the United States but instead found out that Ireland
is using cutting edge technology and they value security of the data as
a chief priority. They catalog paper storage down to the individual
files not just by the box so they have redundant file tracking. They
have streamlined their imaging and scanning by going high speed to
digital. Filestores had seven vaults. Six concrete type for vital
paper documents and one FIRELOCK Vault so that they could offer their
clients a myriad of solutions. The security on their building was well
designed with two rows of fencing to bring a vehicle on site with
access control, CCTV and security personnel on site, and their own IT
department that could talk tech talk to their clients. Evaulting and
Disk to disk. Co-location capabilities. Top line software and tracking
technology. Redundant processes for checking in and out media to
prevent lost media. So what can I talk about when they are already on
the cutting edge.
Hey, what happened to the U.S. being the leader in technology
implementation? I think we still lead in development of technology but
maybe not. But surely as soon as technology is developed, smart
players around the world adopt the most practical technology as they
recognize that media insecurity is the achilles heel of so many
companies right now.
Soon Filestores will have facilities all over Ireland to leverage this
investment in security but I am sure this was costly to lead with
security when their largest competitors view security as an after
thought. So this enhanced security trend is spreading across the
world; so the question may not be whether outsourcing is viable, but
whom should you choose to provide this service. Data security comes
back to being a people issue. In some companies the staff are like
families or family is interspersed in the staff.
If your vendor states that your records and media is next to worthless
because the vendor internally classifies these records as "Inactive"
then the failure is not with them but your own standards. Who you
choose to store with is an exact image of how you feel about your
records and media. If you store in India now because it is cheap then
will you move it to China because it is even cheaper. Sad to say for
many the answer is yes. I worry about companies that make price the
primary factor in their value proposition?
Records Managers need to be accountable for writing Service Level
Agreements that protects their organization's interests. Once that is
done, you need to assure yourself and legal combined need to certify
that this agreement can be enforced. A Court in the Northeast affirmed
that records have value, other case law exists in this area as well.
Ireland, Switzerland and Australia may be data havens in the future
because they have few enemies and that is a value in this world of
terrorism we live in. But having a discussion on this to determine
what our strategy on this should be is a worthwhile records management
topic. But tomorrow may bring a new set of criteria.
The Vatican City was once a safe environment. Can we say the same
today? Our world is changing and our perceptions and realities need to
change with it.
Hugh Smith
FIRELOCK Fireproof Modular Vaults
[log in to unmask]
(610) 756-4440 Fax (610) 756-4134
WWW.FIRELOCK.COM
This message (including any attachments) is confidential and may be
privileged. If you have received it by mistake please notify the
sender by return e-mail and delete this message from your system. Any
unauthorized use or dissemination of this message in whole or in part
is
strictly prohibited. Please note that e-mails are susceptible to
change. Banc Tecnic Inc. dba FIRELOCK shall not be liable for the
improper or incomplete transmission of the information contained in
this communication nor for any delay in its receipt or damage to your
system. FIRELOCK does not guarantee that the integrity of this
communication has been maintained nor that this communication is free
of viruses, interceptions or interference.
List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
|