From Peter's RAIN postings:
On Nov 8, 2007, at 12:00 AM, RECMGMT-L automatic digest system wrote:
> Uncle Sam's newest security challenge to businesses
> CNET News.com - San Francisco,CA,USA
> This could include personal information, trade secrets, financial
> data, and more. However, the government will face a monumental
> challenge if it tries to ...
> <http://www.news.com/Uncle-Sams-newest-security-challenge-to-businesses/2010-1029_3-6216821.html>
The article states:
"It's important that all of a business' stakeholders--employees,
partners, and consumers--are promptly notified when confidential
information has been breached. This could include personal
information, trade secrets, financial data, and more. However, the
government will face a monumental challenge if it tries to prescribe:
1) what exactly constitutes confidential information and 2) how to
protect said data.
Across different industries and organizations, the definition of
sensitive information varies greatly. It may be patient forms at a
hospital, patent applications at a research facility, or credit card
numbers at a retail store. There are common threads among all
industries, such as employee Social Security numbers, but the nuances
from one business to the next will make it nearly impossible to make
an overarching definition of sensitive information.
........... The laws will likely require a combination of technology
and processes to protect data, which are ultimately going to have
hard costs and could take time to implement across the board.
A one-size-fits-all approach to data protection simply won't work.
Protecting financial information for a small retail chain will not be
the same as what's required for an international bank."
____________________
This sounds like the questions we get here all the time...... "I am
an RM for an Airline and I want to know if passenger logs are vital
records and how long should I keep them?"
"I am a hospital and I need to know how to classify patient
records........?"
ARMA should be approaching the sponsors of this Bill and stating that
"it" is the one organization that can add old science to a new
requirement. Doesn't it just drive you nuts when people think that
they have discovered a whole new science? Records Classification and
retention scheduling and information security.
Hmmmm? Where could one find such expertise? Don't Senators and
Congress-people know about ARMA? ARMA follows Washington, maybe it
is time to introduce us so ARMA's strengths can be brought to bear on
issues like this.
NFPA 232 defined the records manager as the responsible party with
matters of classification, retention, destruction. So an official
designation exists.
Time to parlay that definition into a power position in Congress.
The article went on to say:
"The board is in the best position to identify the company's "crown
jewels"--from employee and customer data to trade secrets. When
considering what information is most important to protect, anything
deemed "material" to the organization and subject to indemnity
disclosure is often a good benchmark for setting internal content
protection policies."
Puhhhlleeasse. Who is this writer that he thinks the Board Members
would know the different types of records? The Audit Committee might
but it would probably seek out the RM first. But realistically, this
article should be the impetus for RMs to send memos to the Audit
Committee that this bill is on the horizon and some proactive
discussion should be scheduled.
Calling all RMs, please report to the Board Room! STAT!
Hugh Smith
FIRELOCK Fireproof Modular Vaults
(610) 756-4440 Fax (610) 756-4134
WWW.FIRELOCK.COM
List archives at http://lists.ufl.edu/archives/recmgmt-l.html