Computerworld - Few IT professionals want to worry about how long to keep (or how to properly destroy) company records. Many people consider records management even less interesting than watching paint dry. But interesting or not, it's becoming critical. Savvy IT leaders care about records retention. Here's why:
- Government regulations. U.S. companies are subject to dozens of federal, state and local regulations requiring records to be retained for periods of one year to indefinitely. The USA Patriot Act gives the federal government broad authority to obtain many types of personal data and designates retention periods for each. HIPAA's privacy rules limit access to individuals' protected health information and describe how long medical records must be retained. The Sarbanes-Oxley Act demands that public accountants retain certain corporate audit records and work papers for five years after an audit is completed. It also calls for fines or imprisonment for individuals who knowingly change or destroy company records with intent to obstruct federal proceedings (either under way or anticipated). The North American Free Trade Agreement, the General Agreement on Tariffs and Trade and other pacts also require significant records management.
- International regulations. More than 40 countries currently have regulations requiring varying degrees of records retention. This can create problems for global companies when national regulations conflict. For example, e-mail regulations in SEC Rule 17a-4 conflict with European privacy laws. The international banking standard Basel II has different requirements for banks' loan loss reserves than U.S. rules mandate. These differences in requirements add complexity to multinational record-keeping. Complying with all applicable regulations requires a lot of homework.
- Litigation. Last year, the Federal Rules of Civil Procedure were broadened to cover electronic records. Under the amended rules, both parties' lawyers must meet early in the litigation process to determine what types of records will be required. Companies have only 120 days after this agreement to produce all required records in a form that is "reasonably usable." Companies may also be required to provide technical support to ensure that the data is "useful." In addition, the producing party must now identify any potentially relevant sources of information that will not be searched if "undue burden or costs" can be justified. This requirement to disclose what is not being searched is new, and it places a significant burden on companies to determine all potentially relevant sources of data.
- Legal awareness. The number of requests for data will increase as lawyers better understand IT data management. In 1999, the University of California's Continuing Education of the Bar program began a statewide drive to educate lawyers on how to search, maintain and use electronic records. Many other states have similar programs. Web searches for the terms e-discovery, records management and records retention produce mounds of advice for lawyers. In addition, lawyers are being advised to hire computer forensics specialists to access deleted, encrypted or other difficult-to-retrieve data.
- Costly penalties. Penalties for noncompliance can be enormous. In 2006, Morgan Stanley agreed to a $15 million fine to settle charges that it failed to provide tens of thousands of e-mails requested during SEC investigations. (Even scarier, Morgan Stanley client Ron Perelman had previously won a $1.45 billion judgment against the firm for its failure to turn over requested e-mails to the court.) Recently, in Zubulake v. UBS Warburg, the judge concluded that UBS had willfully deleted relevant e-mails despite court orders. When a defendant has destroyed potentially relevant data, judges can (and this one did) direct the jury to presume that the deleted data would have supported the opposition. Zubulake was awarded $29 million. If you want to see more rulings regarding deleted e-mails, read up on the explosion at BP's Texas City refinery.
Keep abreast of changes in these areas. Regulations, requirements and penalties are evolving rapidly -- but not always for the worse. In her opening speech at the CeBIT trade show, German Chancellor Angela Merkel observed that Germany has a large number of reporting requirements and said that the country's government "has committed to reduce bureaucracy costs by up to 25% by 2011." Stay tuned, and hope other countries follow suit.
Good records management is critical. Your organization could become involved in litigation or be hit with a government agency's request for information at any time. It will be impossible to produce data you have not retained, and failures may be costly. Prepare now.
Bart Perkins is managing partner at Louisville, Ky.-based Leverage Partners Inc., which helps organizations invest well in IT. Contact him at BartPerkins@ LeveragePartners.com.
Read more about Government IT in Computerworld's Government IT Topic Center.
This pilot fish is a contractor at a military base, working on some very cool fire-control systems for tanks. But when he spots something obviously wrong during a live-fire test, he can't get the firing-range commander's attention.
- IT Certification Study Tips
- Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.
- Reduce federal infrastructure risk with compliance management and situational awareness
- IBM continuous monitoring and management solutions deliver real-time situational awareness to help federal agencies understand vulnerabilities, and protect the infrastructure.
- Comprehensive Advanced Threat Defense
- The hot topic in the information security industry these days is "Advanced Threat Defense" (ATD). This paper describes a comprehensive, network-based approach to...
- Advanced Threat Defense: A Comprehensive Approach
- In this interview, Peter George, president, General Dynamics Fidelis Cybersecurity Solutions, explains why we need more than anti-malware, and what constitutes a comprehensive...
- Market Overview: Digital Customer Experience Delivery Platforms
- Forrester states that businesses today struggle to understand and use the tools necessary to create and manage unified, multichannel digital customer experiences across...
- The Growing Demand for Rich Media
- This white paper discusses how IBM Customer Experience Suite Rich Media Edition can automate rich media workflows, from collaborating with creative agencies and... All Government IT White Papers
- On-demand webinar - 7 Keys to Service Catalog Implementation Success Watch this webinar to learn 7 crucial keys to make your service catalog a success!
- Transform Your IT Service Management Watch this webinar, to learn how EasyVista can increase IT productivity & efficiency and deliver streamlined & integrated IT Service & Asset Mgmt.
- IBM FlashSystem V840: Leveraging Software-Defined Flash to Drive Your Business With end-to-end, tightly integrated functionality and super-fast flash technology, products like IBM FlashSystem V840 Enterprise Performance Solution empower businesses to leverage the efficiency...
- Leveraging Flash Storage to Accelerate Oracle Real Application Clusters Join this webinar to understand the latest solid-state storage trends, the specific applications driving solid-state storage deployments and the benefits of deploying the...
- Top 4 Digital Signage Fails Join RMG Networks for a look at four of the most common reasons digital signage fails in corporate businesses. Learn about strategies to...
- All Government IT Webcasts