Everything points to the fact that the managers of British companies are still incapable of storing electronic data in line with statutory obligations. It means that companies are running the risk of falling foul of regulatory bodies, as well as facing enormous fines.
It is estimated that more than a third of IT directors are unable to advise their CEOs on how long their company is legally required to store its business data, writes NetworkComputing.
Moreover, half of IT directors are unable to confirm whether they even have a policy covering how long they are required to keep company e-mails. This points to a distinct problem in data archiving at British companies.
Today IT directors concentrate primarily on identifying, deploying and keeping the costs of solutions down, though on the periphery regulatory risks remain, which organizations also have to manage. The fact that under those regulations, archived data needs to be “locked down" for several years means companies have to choose the simplest secure solution to meet requirements well into the future.
With time the stored data often grows exponentially. If an organization needs to store information that isn’t particularly valuable for a short period of time, then a magnetic disk archive should suffice. However, if there is a strong need to establish record authenticity and retention periods are high, optical storage and more serious software products are more appropriate.
The main statutory acts requiring businesses to store electronic data include: BSI (ISO) 5000: 2002, 7799, The Data Protection Act, Basel II, Sarbanes-Oxley, and the rules outlined by the Financial Services Authority.
“Regulatory compliance cannot be viewed as a one-off project. The principle of ‘it’s been done, now we can forget about it’ doesn’t hold true here. Quite the contrary, organizations have to change their attitude towards regulatory requirements and take advantage of them. So, if it’s necessary to store electronic correspondence for seven years, then a company shouldn’t just do it to avoid paying huge fines but make the whole project as beneficial as possible. For example, analytical selection from a correspondence archive is a powerful instrument for revealing anomalies and the make-up of a corporate communication system," points out Denis Zenkin, marketing director at InfoWatch.
Source: NetworkComputing