Published: 15 Jun 2003
I hate to be the one to tell you, but just when you thought you might actually be getting a handle on your world, it's about to get set on its ear again. This time, it will be much worse than ever before--now the government is getting involved. Talk about a perfect storm--take the ever confusing, complex and chaotic world of storage, and add a bunch of government rules to make it nearly impossible.
The bad news is that the U.S. government is about to stick its very serious nose into our business. The good news is that Enterprise Storage Group is going to release the most comprehensive report ever done on regulatory compliance and the issues it creates in the world of storage.
The stakes--as far as we can tell--have never been higher for technology vendors and the IT and business professionals who are under scrutiny. Just last month, the SEC handed out fines totaling $1.4 billion (yes, billion) to six brokers/dealers, and two individuals for misleading investors. The smoking gun? E-mail.
In a nutshell, we looked at four industries that are being radically affected by existing and newly introduced regulations: financial services, with regulations 17a-3 and 17a-4; pharmaceutical/life sciences, with 21 CFR Part 11; healthcare, because of HIPAA; and government, with its own 5015.2-STD, which covers the Department of Defense. Overriding all of these--and many others--are regulations that focus on consumer privacy, e-mail retention and corporate governance.
What's the point? The point is that because of economics, and the fact that your CEO probably has seen the television show "Oz" and would rather avoid jail if at all possible, your policies around the retention, availability and authenticity of your data are going to change. In the state of California, for example, any breach of consumer data requires that the guilty company individually notify every affected consumer.
Regulation 17a-4 is written to guarantee that Wall Street broker/dealers retain e-mail for a minimum of three years--and the e-mail can never be altered. That means they can't throw anything away, and each individual e-mail has to be maintained in its original form.
Who cares about Wall Street? Ah my friend, it's Wall Street now, but it will be every public company in a few years. Then it will be everyone who sells to a public company. Then it will be an accounting/auditing standard. And that's just e-mail. What about healthcare, where HIPAA mandates that you keep that 800MB MRI not only for the life of the patient, but for a minimum of life plus two years--so academia can do research on it later?
The biggest driver of reference information for the next few years will be these and other regulations. More data and records are being created than ever before. Now you have to worry about retaining them for years, decades or even after death. There are over 10,000 IT-oriented regulations so far. The majority focus on record retention, and way more are coming.
While I might have hoped to keep the lawyers out of IT for a tad longer, it no longer seems possible. In the '90s the CIO was a technically savvy CFO. Now they need to get a law degree.