Computerworld - Few IT professionals want to worry about how long to keep (or how to properly destroy) company records. Many people consider records management even less interesting than watching paint dry. But interesting or not, it's becoming critical. Savvy IT leaders care about records retention. Here's why:
- Government regulations. U.S. companies are subject to dozens of federal, state and local regulations requiring records to be retained for periods of one year to indefinitely. The USA Patriot Act gives the federal government broad authority to obtain many types of personal data and designates retention periods for each. HIPAA's privacy rules limit access to individuals' protected health information and describe how long medical records must be retained. The Sarbanes-Oxley Act demands that public accountants retain certain corporate audit records and work papers for five years after an audit is completed. It also calls for fines or imprisonment for individuals who knowingly change or destroy company records with intent to obstruct federal proceedings (either under way or anticipated). The North American Free Trade Agreement, the General Agreement on Tariffs and Trade and other pacts also require significant records management.
- International regulations. More than 40 countries currently have regulations requiring varying degrees of records retention. This can create problems for global companies when national regulations conflict. For example, e-mail regulations in SEC Rule 17a-4 conflict with European privacy laws. The international banking standard Basel II has different requirements for banks' loan loss reserves than U.S. rules mandate. These differences in requirements add complexity to multinational record-keeping. Complying with all applicable regulations requires a lot of homework.
- Litigation. Last year, the Federal Rules of Civil Procedure were broadened to cover electronic records. Under the amended rules, both parties' lawyers must meet early in the litigation process to determine what types of records will be required. Companies have only 120 days after this agreement to produce all required records in a form that is "reasonably usable." Companies may also be required to provide technical support to ensure that the data is "useful." In addition, the producing party must now identify any potentially relevant sources of information that will not be searched if "undue burden or costs" can be justified. This requirement to disclose what is not being searched is new, and it places a significant burden on companies to determine all potentially relevant sources of data.
- Legal awareness. The number of requests for data will increase as lawyers better understand IT data management. In 1999, the University of California's Continuing Education of the Bar program began a statewide drive to educate lawyers on how to search, maintain and use electronic records. Many other states have similar programs. Web searches for the terms e-discovery, records management and records retention produce mounds of advice for lawyers. In addition, lawyers are being advised to hire computer forensics specialists to access deleted, encrypted or other difficult-to-retrieve data.
- Costly penalties. Penalties for noncompliance can be enormous. In 2006, Morgan Stanley agreed to a $15 million fine to settle charges that it failed to provide tens of thousands of e-mails requested during SEC investigations. (Even scarier, Morgan Stanley client Ron Perelman had previously won a $1.45 billion judgment against the firm for its failure to turn over requested e-mails to the court.) Recently, in Zubulake v. UBS Warburg, the judge concluded that UBS had willfully deleted relevant e-mails despite court orders. When a defendant has destroyed potentially relevant data, judges can (and this one did) direct the jury to presume that the deleted data would have supported the opposition. Zubulake was awarded $29 million. If you want to see more rulings regarding deleted e-mails, read up on the explosion at BP's Texas City refinery.
Keep abreast of changes in these areas. Regulations, requirements and penalties are evolving rapidly -- but not always for the worse. In her opening speech at the CeBIT trade show, German Chancellor Angela Merkel observed that Germany has a large number of reporting requirements and said that the country's government "has committed to reduce bureaucracy costs by up to 25% by 2011." Stay tuned, and hope other countries follow suit.
Good records management is critical. Your organization could become involved in litigation or be hit with a government agency's request for information at any time. It will be impossible to produce data you have not retained, and failures may be costly. Prepare now.
Bart Perkins is managing partner at Louisville, Ky.-based Leverage Partners Inc., which helps organizations invest well in IT. Contact him at BartPerkins@ LeveragePartners.com.
Read more about Government IT in Computerworld's Government IT Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
If you use ‘password,’ one the worst passwords, as your password, fail to keep antivirus protection updated and don’t bother to deploy security patches to close critical vulnerabilities, then maybe you should consider working for the cybersecurity-clueless federal government; you’d fit right in, according to Senator Tom Coburn's cybersecurity and critical infrastructure report.
- IT Certification Study Tips
- Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.
- Changing the Way Government Works: Four Technology Trends that Drive Down Costs and Increase Productivity
- This paper discusses four technology-based approaches to improving processes and increasing
productivity while driving down department and agency costs.
- Pay-as-you-Grow Data Protection: IBM Tivoli's Full-featured Data Protection Suite for Small to Medium Businesses
- IBM Tivoli Storage Manager Suite for Unified Recovery gives small and medium businesses the opportunity to start out with only the individual solutions...
- Streamline Data Protection with IBM Tivoli Storage Manager Operations Center
- IBM Tivoli Storage Manager (TSM) has been an industry-standard data protection solution for two decades. But, where most competitors focus exclusively on Backup...
- Simplify and Consolidate Data Protection for Better Business Results
- Learn about IBM® Tivoli® Storage Manager Operations Center, which provides advanced visualization, built-in analytics and integrated workflow automation features that leapfrog traditional backup...
- HP HAVEn: See the big picture in Big Data
- HP HAVEn is the industry's first comprehensive, scalable, open, and secure platform for Big Data. Enterprises are drowning in a sea of data... All Government IT White Papers
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,...
- Getting Ready for BlackBerry Enterprise Service 10.2 Find out how BlackBerry® Enterprise Service 10 helps organizations address the full spectrum of EMM challenges, while balancing the needs of both the...
- Containerization Options: How to Choose the Best DLP Solution for Your Organization This webcast outlines a framework for making the right choice when it comes to containerization approaches, along with the pros and cons of...
- Mobile Apps and Devices Slash Customer Cycle Time Consolidated Engineering Laboratories' field employees used to collect data on triplicate forms that were sometimes hard to read and difficult to manage. After...
- All Government IT Webcasts