New rules require banks to put their content management efforts into high gear. We ask the experts how they're doing.
March 24, 2007 12:00 AM (From the March 26, 2007 issue)
New e-discovery rules that went into effect Dec. 1 pose a range of challenges for banks. And what the bankers are learning from complying with amendments to the Federal Rules of Civil Procedure can be extended to other companies grappling with e-discovery. InformationWeek's sister publication, Bank Systems & Technology, had freelance writer Peggy Bresnick Kendler discuss banks' compliance efforts with four experts.
Barry Murphy, principal analyst, Forrester Research: The amendments affect organizations in three ways. First, they require a framework for early attention. Organizations not ready to address issues when litigation or regulatory requests hit will immediately be behind.
Second, they give a safe harbor for data destruction, meaning there are no penalties for deleting electronically stored information in keeping with routine operation of IT systems if the party took reasonable steps to preserve it. However, this means that organizations must have granular retention policies in place, and technology to enforce those policies and audit the enforcement as well.
Finally, there's the requirement for native file production. Organizations must be able to produce electronically stored information in its native format with its metadata intact and prove a valid chain of custody. Again, this spotlights the need for technology to manage the full life cycle of information.
John Mancini, president of AIIM, the enterprise content management association: Companies need to know what electronic information they're storing and where it is. They need policies in place governing the management of electronic information, they need to follow those policies, and they need to be able to prove compliance. The it's-too-hard-to-produce argument won't stand up anymore. These sound simple and basic on the surface. But according to AIIM surveys, the environment in most firms is barely controlled chaos.
Full article HERE.
CISSP, MCSE, CSTA, Security+ SME