News Stay informed about the latest enterprise technology news and product updates.

Users: Who's responsible for compliance?

During a break-out session on preparing for regulatory compliance at the Storage Decisions Show, the message from users was loud and clear: Who's problem is it?

New York – Complying with new regulations governing record retention is a burning issue for many companies, but for some it's made even harder by the lack of a single person in the organization willing to take ownership of the problem.

A panel of three users moderated by Peter Gerr, analyst with the Enterprise Storage Group, addressed this and other compliance issues at Storage Decisions on Monday.

Brian Young, senior systems architect at Millennium Pharmaceuticals Inc, a 2,000-person company, says his organization has completed several years' work on a compliance initiative but has reached a point where he can't see how much has been done versus where the company needs to be.

"If anyone was willing to articulate a strategy we'd buy into it, but there's a leadership vacuum on this," Young says.

He's not alone. SearchStorage spoke with a senior storage manager at a large financial services company, who says everyone in his company has different objectives, and the result is a nightmare from an IT perspective. He requested anonymity. "We've got internal lawyers, external lawyers, compliance officers, business people, IT people…one group is asking us for one thing and another something else-- it's disjointed…We don't really know what we are supposed to be keeping, so we are keeping everything," he says.

What should you do?

The advice from panel members is clear. Get everyone into one room and speaking the same language. "There isn't a single aspect of the business that doesn't involve compliance," says Jay Cohan, chief compliance officer at the MONY Group.

Shaun Mahoney, senior storage engineer at Citigroup agrees that educating the whole company is the only way to create a fool-proof strategy. "Nobody wants to open the Wall Street Journal and see their name next to Eliot Spitzer…educating employees right down to the mailroom guy is the only way to instigate change," he says.

"Every single employee is a records custodian -- you have to make it a companywide deal to get the point across," reinforces Cohen.

For those already over this initial hurdle, the next battle appears to be an IT problem. Users are confused by how to classify data such as emails and files. Should this be the responsibility of individual employees, they ask? Another user points out the disparity between the SEC's referral to "record" retention, when IT and storage departments store great globs of data, not so-called records.

If you are a user confronting these issues, take comfort from the fact that you are not alone. This break out session was packed with worried faces.


Debunking the myths of compliance

Sarbanes-Oxley and how it applies to e-mail archiving

Dig Deeper on Data storage compliance and regulations

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.