Posted by Scott Hambrick on Sat, Apr 28, 2012 @ 08:49 AM
IN THE NEWS
BUSINESS RECORDS MANAGEMENT BUYS UNDERGROUND ARCHIVES
Business Records Management LLC (BRM), a Pittsburgh-based information management company, has acquired the records and information storage and document destruction business and the related assets of Underground Archives LLC, with locations in Wampum and East Brady, Pa. (Underground Archives was profiled in the September/October 2010 issue of SDB magazine.) BRM says the acquisition is designed to enhance its position as a regional leader in the information management industry.
Link: http://www.sdbmagazine.com/brm-acquires-underground-archives.aspx
FEDERAL COURTS SCUFFLE IN FACE OF DIGITAL INFORMATION OVERLOAD
This week the Department of Justice and the court's Administrative Office (AO) jointly developed a set of recommendations aimed at easing what it calls one of the most challenging aspects of its work: wading through "electronically stored information (ESI)" for the discovery or evidence gathering phase of a court case. ESI can include everything from writing, drawings and charts to photographs, e-mail, voice-mail and computer file folders.
Link: http://www.networkworld.com/community/node/80382
MORE DOCS USE DIGITAL RECORDS, SO WILL CONSUMERS
With billions of dollars of HITECH Act incentives are being waved in front of healthcare providers for the meaningful use of health IT, you shouldn't be surprised to learn that the percentage of healthcare providers using digital records has doubled over the last two years. Undoubtedly, that's impressive progress, considering that e-health record technology has been around for decades, and adoption was in single-digit percentages until very recently. But digging below the surface, there are a couple key things to keep in perspective.
Link: http://www.informationweek.com/news/healthcare/EMR/232900745
EUROPE: BUSINESSES ARE NOT PROTECTING OUR DATA, SAY CONSUMERS
Only 12 percent of consumers believe organisations do enough to protect their data, according to ICM research.
ICM questioned 4,000 consumers in the UK, Germany and France and found that 76 percent would "likely" leave a business or service provider if it leaked some of their personal data.
Link: http://news.idg.no/cw/art.cfm?id=162440B8-B258-DBC8-99470BF8E7308B5D
2 MEDICAID DATA BREACHES, 1 WEAK LINK: EMPLOYEES
For the second time in less than a month, there has been a major data security breach at a state Medicaid agency. The South Carolina Department of Health and Human Services (SCDHHS) discovered on April 10 that an employee of the state's Medicaid program had transferred personal information of 228,435 Medicaid beneficiaries to his personal email account.
Link: http://www.informationweek.com/news/healthcare/security-privacy/232900817
CINTAS HONORS ADMINISTRATIVE PROFESSIONALS DAY WITH FREE TIPS
Nearly 8.9 million people in the United States currently work in administrative support positions, according to the International Association of Administrative Professionals (IAAP). In honor of Administrative Professionals Day, celebrated on April 25, Cintas Corporation today issued best practices to help administrative professionals implement a successful office-wide program to manage, maintain and protect confidential business documents.
Link: http://www.marketwatch.com/story/cintas-honors-administrative-professionals-day-with-tips-to-help-offices-run-more-efficiently-2012-04-25
DECOY DOCUMENTS MAY SOON DEFEND AGAINST DATA LOSS
What if your company's confidential documents could alert you to access by unauthorized users? One startup company is working on technology to accomplish this through decoy documents that set security alarm bells ringing when they are accessed by unsuspecting thieves.
Link: http://www.esecurityplanet.com/network-security/decoy-documents-may-soon-defend-against-data-loss.html
POOR ELECTRONIC RECORDS IMPLEMENTATION COULD HURT PATIENTS
The credo "first, do no harm" applies not just to medical professionals, but to health IT intended to improve patient care, suggests a health-care management company executive.
Link: http://healthitupdate.nextgov.com/2012/04/_the_credo_first_do.php?oref=latest_posts
ESTIMATED $400 MILLION BEING LOST ANNUALLY DUE TO POOR DATA PROTECTION PRACTICES
A new survey released today, commissioned by Cloud-Connected backup and recovery leader EVault Inc., a Seagate Company STX -0.55% , reveals that more than twenty percent of IT organizations that manage between 2-7 TB of data suffered a data loss in the past year--in fact, more than half of this group suffered 2-3 data losses--each with an estimated average cost of 2-5 percent of total company revenues.
Link: http://www.marketwatch.com/story/estimated-400-million-being-lost-in-us-annually-due-to-poor-data-protection-practices-2012-04-25
DATA BREACHES COST AUSTRALIAN ORGANIZATIONS OVER TWO MILLION DOLLARS PER INCIDENT
Over the last year, data breaches have become commonplace with both global and local brands falling victim to attackers. Household brands have come under scrutiny as customer data including names, email addresses and potentially even credit card details are leaked.
Link: http://www.abc.net.au/technology/articles/2012/04/26/3489569.htm
HEALTHCARE'S CHECKLIST SECURITY MENTALITY FAILING, SAYS REPORT
Despite conducting regular risk analysis, 27% of healthcare organizations suffered a data breach in the last 12 months, twice the percentage reported in 2010. Lack of cohesive security leadership might be to blame, report says.
Link: http://www.informationweek.com/news/healthcare/security-privacy/232900895
WHO OWNS YOUR STUFF IN THE CLOUD?
Terms for keeping your data on companies' Web data storage services vary, and you need to understand them before clicking 'Agree.'
Link: http://www.latimes.com/business/la-fi-tech-savvy-cloud-services-20120426,0,3241271.story
BYE BYE BOX VENDORS, HELLO CLOUD - GOOGLE DRIVE'S BIG THREAT
The Google Drive formula is one often repeated these days by startups. Provide a dead-simple service that anyone can use. Open it up to developers. And make it something the business customer will find enticing due to its low price and fit with other services.
Link: http://siliconangle.com/blog/2012/04/26/google-drives-big-threat-to-the-big-box-vendors/
HISTORY FLUSHED
IN 1086 William the Conqueror completed a comprehensive survey of England and Wales. "The Domesday Book", as it came to be called, contained details of 13,418 places and 112 boroughs-and is still available for public inspection at the National Archives in London. Not so the original version of a new survey that was commissioned for the 900th anniversary of "The Domesday Book". It was recorded on special 12-inch laser discs. Their format is now obsolete.
Link: http://www.economist.com/node/21553410
CYBERSECURITY BILL PASSES DESPITE VETO THREAT FROM WHITE HOUSE
Ignoring a veto threat from the White House, the House passed legislation Thursday designed to protect communications networks from cyberattacks.
Link: http://security.blogs.cnn.com/2012/04/26/is-cybersecurity-bill-risking-personal-data/
Posted by Scott Hambrick on Wed, Apr 11, 2012 @ 08:54 AM
IN THE NEWS
EU ARTICLE 29 WORKING PARTY RELEASES OPINION ON DATA PROTECTION DIRECTIVE
The EU's Article 29 Data Protection Working Party has released two opinions concerning 1) the European Union's proposal for a comprehensive reform of the EU's 1995 Data Protection Directive and 2) the use of facial recognition biometric technology in online and mobile services. In January, the EU announced the data protection reform proposal and earlier this month, the European Data Protection Supervisor released an opinion (pdf) on the data protection reform package.
Link: http://www.privacylives.com/article-29-working-party-release-opinions-on-data-protection-reform-facial-recognition/2012/03/30/
CLOUD SECURITY AND RECORDS MANAGEMENT: EDAAS BEST PRACTICES
President Obama has recently issued a Memorandum entitled "Managing Government Records" to begin an Executive Branch-wide effort to reform records management policies and practice, and defined that this is the backbone of Open Government.
Link: http://cloudbestpractices.net/2012/03/26/edaas-best-practices/
DATA PROTECTION, BACKUP PLANS LACKING AMONG SMALL BUSINESS, MOZY
A third of small and midsize businesses (SMBs) allow employees to select their own method of backup for their data at work, essentially passing the buck when it comes to data protection, according to the findings of a survey conducted by online backup service provider Mozy.
Link: http://www.eweek.com/c/a/Data-Storage/Data-Backup-Protection-Plans-Lacking-Among-Small-Businesses-Mozy-495907/
EU MINISTERS CARE MORE ABOUT SECURITY THAN PRIVACY PROTECTION SAYS REDING
Europe's Justice Commissioner said this week that interior ministers are the biggest obstacle to data protection laws in the E.U.
Link: http://www.cio.com/article/703153/Ministers_Care_More_About_Security_Than_Data_Protection_Says_EU_Commissioner
SORRY HACKERS! EMPLOYEES MAY BE BIGGEST THREAT TO DATA
If you have a large or small business, you might be fearful of cyber crooks hacking through your IT defense.
Link: http://www.businessinsider.com/sorry-hackers-it-turns-out-that-employees-may-be-the-biggest-threat-to-your-data-2012-3
VISA, MASTERCARD WARN OF POSSIBLE DATA BREACH
MasterCard Inc. and Visa Inc. warned that some of the data in their cardholder accounts may have been breached. MasterCard said that it had notified banks, as well as law enforcement, of a potential problem with a third party "U.S.-based entity."
Link: http://www.latimes.com/business/la-fi-mastercard-visa-breach-20120331,0,3384918.story
Link: http://online.wsj.com/article/SB10001424052702303816504577313411294908868.html
Link: http://www.nytimes.com/2012/03/31/business/mastercard-and-visa-look-into-possible-attack.html?_r=1
IT'S WORLD BACKUP DAY, ARE YOU READY FOR A DRIVE FAILURE?
In case you hadn't heard, March 31 is World Backup Day. This year marks only the second time that this commemorative day will be celebrated, but we're giving it our full support.
Link: http://www.extremetech.com/computing/124087-its-world-backup-day-are-you-ready-for-a-drive-failure
FTC REPORT SHOWS BUSINESSES HOW THE WIND BLOWS ON CONSUMER PRIVACY
The Federal Trade Commission (FTC) this week released its report on consumer privacy for businesses. The report does not have the force of law, but calls for businesses to voluntarily adopt best practices around consumer privacy.
Link: http://www.businessinsider.com/ftc-report-shows-businesses-how-the-wind-blows-on-consumer-privacy-2012-3
THIS OLD BACKUP: HOW TO DISPOSE OF YOUR OLD ARCHIVES WITHOUT EXPOSING YOURSELF
March 31 is World Backup Day, the day that the storage tech industry exhorts us all to back up our digital possessions and practice good data hygiene. But there's one thing that's just as important as backing up your data in the first place, or possibly more so: properly getting rid of your old backups when they're no longer useful. So while you're using today as an excuse to get your friends and family to get their critical files backed up, it's worth taking a hard look at how to make sure that old backups get retired in a way that doesn't result in someone getting hold of your grandmother's tax return.
Link: http://arstechnica.com/business/news/2012/03/this-old-backup-how-to-dispose-of-your-old-archives-without-exposing-yourself.ars
PROTECTING BIG DATA: TURNING BURDEN INTO OPPORTUNITY
The business sees opportunity in Big Data, but the IT department is burdened by the complexity of managing it. The issue lies in the reliance on conventional IT systems and technologies to manage Big Data, which is unconventional in nature.
Link: http://www.echannelline.com/usa/story.cfm?item=27637
NEW BEGINNINGS
This year's PRISM International Annual Conference May 15 to 17 in Las Vegas marks the end of an era. Jim Booth, who has served as executive director of the association since late 1999, is leaving his post, as is the rest of the current PRISM International staff-Melissa Burton, Wendy Gordon, Kathy Lewis, John Ulmer and Sam Autry.
Link: http://www.sdbmagazine.com/sdb0412-prism-international.aspx
GRM GOING GREEN TO PRESERVE ENERGY AND ENVIRONMENT
As an environmentally conscious company, GRM is doing its part to both preserve energy and safeguard the environment. GRM's commitment to Going Green extends to trucks, emissions, destruction, facilities, and really, everything we do.
Link: http://www.sfgate.com/cgi-bin/article.cgi?f=/g/a/2012/04/02/prweb9360821.DTL
SMBS LACKING DATA PROTECTION
In 2010, Blue Cross and Blue Shield of Tennessee identified 998,422 current and former members as being at risk for identity theft after 57 hard drives were stolen six months prior. The data breach cost the regional company $7 million, while the plan's employees and vendors spent more than 114,000 hours of labor reviewing back-up data and notifying affected members.
Link: http://www.insurancenetworking.com/news/mozy-data-protection-insurance-security-backup-30166-1.html
UK: BSIA HIGHLIGHTS THE IMPORTANCE OF STANDARDS IN PROTECTING DATA
With the average data breach costing UK firms around 1.9m annually*, and the new European data privacy framework asking for greater commitment from businesses on the way they handle data security, the British Security Industry Association's (BSIA) Information Destruction section is urging end users to understand how compliance with relevant industry standards can actively guarantee an improved level of protection against data breaches.
Link: http://www.continuityforum.org/content/news/press_release/165014/bsia-highlights-importance-standards-protecting-data
EU DATA PROTECTION LAW AND THE PATRIOT ACT IN THE CLOUD
Under the provisions of the US Patriot Act companies based in the EU must disclose customer data to US law enforcers without the customer's knowledge or consent, even though this conflicts with EU data protection laws.
Link: http://www.webanalyticsworld.net/2012/03/eu-data-protection-law-and-the-patriot-act-in-the-cloud.html
EMPLOYEES REMOVE CONFIDENTIAL DATA AT AN ALARMING RATE
At least one in two employees believes it's acceptable to remove confidential data from the office. Sixty-eight percent of employees aged 18-34 say it's acceptable, and 50% of those 55 and older believe it's okay, according to a 2012 FileTrek document security survey of 2,625 Americans age 18 and older.
Link: http://www.informationweek.com/byte/news/radio/personal-tech/232800120
COUNTY RECORDS PILING UP OUTSIDE COURTHOUSE WALLS
A tight county budget with little room for extra expenses seems to have dashed preliminary plans to annex the Meigs County Courthouse, but the problem of where to store the public's records is increasing, some officeholders said.
Link: http://www.mydailysentinel.com/view/full_story/6103155/article-County-records-piling-up-%E2%80%94-outside-courthouse-walls
NARA CHIEF: AGENCIES WANT UPDATED RECORDS MANAGEMENT PROCESSES
Federal officials tasked with updating records management systems want better guidance on which records must be preserved and a schedule for when they should be turned over to the National Archives and Records Administration, Archivist of the United States David Ferriero said Wednesday.
Link: http://www.nextgov.com/nextgov/ng_20120404_9241.php?oref=topnews
CHINA ISSUES GUIDE ON PRIVATE DATA PROTECTION
China is set to issue a formal guide on information security and private data protection, in order to provide general rules for the accessing and processing of private information, the Beijing News reports.
Link: http://english.cri.cn/6909/2012/04/05/2941s691399.htm
ENCRYPTION IN 2012: NOW A STRATEGIC BUSINESS ISSUE
In an increasingly digital world, information security and data privacy have become critically important to the enterprise. According to the 2011 Global Encryption Trends Study from Ponemon, encryption use to protect sensitive data is becoming widespread and strongly correlates to the overall strength of organization's security posture.
Link: http://www.zdnet.com/news/encryption-in-2012-now-a-strategic-business-issue/6355771
DATA BREACH REPORT SEASON, BEWARE OF PARTIAL TRUTHS
I look forward to reading the statistics every year. How many records were stolen last year? What did it cost the victims? How did the attackers pull it off?
I love that organizations like Verizon Business and Ponemon Institute compile and publish all this data. It helps shed a lot of light on what's going on in the information security world.
Link: http://www.infosecisland.com/blogview/20860-Its-Data-Breach-Report-Season-Beware-Of-Partial-Truths.html
Posted by Scott Hambrick on Wed, Apr 04, 2012 @ 09:28 AM
We have been shredding a LOT of documents this year. At Data Storage, we are calling this the year of the shred. We are asking everyone to look at shredding records this year.
As records managers we are taught the business value of records is inversely proportional to their age. Information is like fish, the fresher the better. Unfortunately, regulations and compliance issues often force us to keep records beyond their useful lives.
We just had a Department of Labor audit of our payroll records. Our time and attendance records are easily accesible and we were able to fulfill the audit requirements very easily. In our case the Department of Labor need to see two years worth of time cards. This is a prime example of being required to keep records beyond their usefull life.
As a small business owner, I do not have a business purpose for accessing time records for more than one year. Knowing the records business as I do, I was able to produce the records for the Department of Labor in about 10 minutes.
The audit went well and I think Data Storage is a better company for having gone through it. I'm just glad we didn't destroy those records when we were done with them instead of when the Department of Labor was done.
Watch those records retention schedules and life cycles.
- Short lived records include:
- Texts
- Phone records
- Meeting invitations
- Administrative Emails
- Longer Lived records
- Purchase orders
- Insurance claims
- Accounting records
- Payroll records
- HR records
- Long-Lived Records
- Mortgages
- Product liability related records
- Project files
- Oil and Gas records
- Medical Records
- Transcripts
Shred as fast as you can, but no faster than you should. It easier said than done, but we can help. Drop us a line if you have questions about how long you should be keeping your records. We find that most of our new records storage customers are able to destroy about 30% of their records once implementing our plans.
Posted by Scott Hambrick on Fri, Mar 30, 2012 @ 12:46 PM
IN THE NEWS
NY APPELLATE COURT RULING BRINGS CLARITY TO COST-SHIFTING IN E-DISCOVERY
The Appellate Division, 1st Department, in U.S. Bank N.A. v. GreenPoint Mtge. Funding Inc.,[FOOTNOTE 1] in its second significant decision in the last month addressing issues relating to electronically stored information,[FOOTNOTE 2] answered the following question, and has now provided clarity to the courts and attorneys of this state
Link: http://www.law.com/jsp/lawtechnologynews/PubArticleLTN.jsp?id=1332109195626&slreturn=1
THE GLOBAL RECORDS MANAGEMENT MARKET TO GROW AT A CAGR OF 10 PERCENT FOR THE PERIOD 2011-2015
Dublin - Research and Markets (http://www.researchandmarkets.com/research/05e3cea7/global_records_man) has announced the addition of the "Global Records Management Market 2011-2015" report to their offering. One of the key factors contributing to this market growth is the growing record management certification requirement. The Global Records Management market has also been witnessing the growing adoption of standalone record management. However, difficulty in getting attention of upper management could pose a challenge to the growth of this market.
Link: http://www.sys-con.com/node/2216577
SOUTH AFRICA: BAR FOR INFORMATION MANAGEMENT CONTINUES TO BE RAISED
The Mckinsey Quarterly of October 2011 reports that companies with more than 1 000 employees store an average of 235 million megabytes (or 235 terabytes) of data. One would need to fell 50 000 trees to make enough paper to print out that amount of information. Such large sets of data are virtually impossible to process and analyse without specialised and customised information management systems that can extract useful information.
Link: http://www.itweb.co.za/index.php?option=com_content&view=article&id=52816:bar-for-information-management-practice-continues-to-be-raised&catid=69
AUSTRALIA GOES DIGITAL WITH GOVERNMENT RECORDS
The Australian Government is fast-tracking moves to digital information management - with whole-of-government reforms requiring federal agencies to move from paper to digital record-keeping.
Link: http://www.futuregov.asia/articles/2012/mar/21/australia-goes-digital-government-records/
GREENWICH SUFFERS MASSIVE LOSS OF ELECTRONIC DATA
A trove of electronic records that includes some 11,000 beach card renewal applications was lost over the weekend after a series of hard drive failures sustained by the town of Greenwich's computer network, according to local officials, who are now scrambling to try to restore the precious data.
Link: http://www.greenwichtime.com/news/article/Greenwich-suffers-massive-loss-of-electronic-data-3422060.php
ACTIVISTS COMMIT MORE DATA BREACHES THAN CYBERCRIMINALS
Activists such as "Anonymous" who hack into government and corporate computer networks and then release files to embarrass those organisations were responsible for more than half of all known data thefts last year, according to a new survey.
Link: http://www.guardian.co.uk/technology/2012/mar/22/hacking-anonymous
CANADA: JUDGE UPSET BY RCMP RECORDS BACKLOG
The federal government is talking about law and order, but it needs to get its own house in order, says a Kitchener judge upset at the huge backlog in the RCMP's criminal records database.
"If the RCMP wanted to undermine the administration of justice ... it would be hard to find a better way'' than this, Justice Elliott Allen said this week in Kitchener's Ontario Court.
Link: http://www.therecord.com/news/local/article/691305--judge-upset-by-rcmp-records-backlog
SINGAPORE LURES BIG BIZ WITH MEGA DATA PROTECTION REGIME
Singapore based data protection law specialist Rosemary Lee of Pinsent Masons, the law firm behind Out-Law.com, said the Personal Data Protection Bill (74-page/387KB PDF) being proposed by Singapore's government would establish a single data protection regime for the nation for the first time.
Link: http://www.theregister.co.uk/2012/03/23/singapore_to_create_overarching_data_protection_regime/
DEDUPLICATION: STILL A GAME CHANGING TECHNOLOGY?
It may seem that we have been talking about data deduplication for a long time, but it is, in fact, still a relatively new technology. A recent IDC survey indicates that 45 percent of enterprise customers have deployed deduplication technology and some 37 percent plan to adopt it in the next 24 months.
Link: http://www.wwpi.com/index.php?option=com_content&view=article&id=14426:deduplication-still-a-game-changing-technology&catid=328:ctr-exclusives&Itemid=2701746
NATIONAL SURVEY UNCOVERS DATA BREACH VULNERABILITIES IN THE WORKPLACE
Many business professionals don't realize that when their company's confidential information is at risk, so too is the information of its clients, vendors, customers and employees.
Link: http://www.marketwatch.com/story/national-survey-uncovers-data-breach-vulnerabilities-in-the-workplace-2012-03-22
EUROPEAN MID-SIZED BUSINESSES UNPREPARED FOR SECURITY RISKS, STUDY SAYS
European mid-size businesses are not doing enough to protect their sensitive data, and need to take employee-related information security threats more seriously, according to a study sponsored by Iron Mountain.
Link: http://www.pcworld.com/businesscenter/article/252414/european_midsize_businesses_unprepared_for_data_security_risks_study_says.html
ALMOST ALL BREACHES COULD BE AVOIDED
erizon has released its annual Data Breach Investigations Report, and its primary finding is no surprise. 2011 was the year of the hacktivist, with 58 percent of all data breached being attributed to hacktivism. As the report pointed out, the rise in hacktivism accompanied a year filled with civil and cultural uprising.
Link: http://www.itbusinessedge.com/cm/blogs/poremba/almost-all-breaches-could-be-avoided/?cs=50063
DATA PROTECTION: IT'S OFTEN ABOUT LOCKING THE FRONT DOOR
Organisations, regardless of industry and size, continue to face costly data breaches, but the common attack methods are not necessarily sophisticated and obscure.
So what are the most common ways criminals are getting access to corporate networks?
Link: http://www.computerweekly.com/news/2240147051/Data-protection-Its-often-about-locking-the-front-door
LACK OF SPACE, FUNDING ENDANGER COURT RECORDS
An 1886 lawsuit filed by the state of Texas against famed rancher Charles Goodnight might have been forgotten history if it did not win state archivists' attention last summer.
Link: http://amarillo.com/news/local-news/2012-03-24/lack-space-funding-endanger-court-records
AVERAGE COST OF A DATA BREACH $5.5 MILLION IN 2011
The 2011 Cost of Data Breach Study: United States produced by Symantec and the Ponemon Institute estimates that the average cost of an enterprise data breach was $5.5 million in 2011, down from $7.2 million in 2010.
Link: http://www.infosecisland.com/blogview/20801-Average-Cost-of-a-Data-Breach-55-Million-in-2011.html
EX-EMPLOYEE SOUGHT FOR STOLEN MEDICAL RECORDS
A disgruntled employee is allegedly responsible for a multitude of personnel and financial information stolen or destroyed from a medical company's records.
Link: http://www.northfulton.com/Articles-CRIME-c-2012-03-26-192341.114126-sub-Exemployee-sought-for-stolen-records.html
FTC CALLS FOR LAWS TO BOOST CONSUMER PRIVACY PROTECTIONS
The U.S. Federal Trade Commission called on Congress to enact laws to protect individuals' online privacy and pressed companies to speed self-regulation, stepping up its drive to give Internet users more control over their personal data.
Link: http://www.bloomberg.com/news/2012-03-26/ftc-calls-for-laws-to-boost-consumer-privacy-protection-online.html
WHO HOLDS THE ENCRYPTION KEYS?
Encryption can make up for a litany of security snafus -- from a bad firewall to an unrelenting hacker to a lost laptop. Once data is encrypted, criminals can't use or sell it. Plus, if encrypted data goes missing, companies are protected from disclosure requirements in most states. No wonder 38% of companies surveyed by Forrester Research have already adopted full-disk encryption technology.
Link: http://www.computerworld.com/s/article/9225414/Who_Holds_the_Keys_
PHILIPPINES PASSES OMNIBUS DATA PROTECTION LAW
On March 20, 2012, the Senate of the Philippines unanimously approved the omnibus Data Privacy Act of 2011, also known as "An Act Protecting Individual Personal Information in Information and Communications Systems in the Government and the Private Sector, Creating for This Purpose a National Data Protection Commission, and for Other Purposes" (S.B. 2965).
Link: http://www.huntonprivacyblog.com/2012/03/articles/philippines-passes-omnibus-data-protection-law/
CANADA: BMO OFFERS TIPS FOR SMALL BUSINESSES TO PROTECT AGAINST FRAUD
In recognition of Fraud Prevention Month, BMO Financial Group advises Canadian business owners on actions they can take year-round to ensure that they are protected from data breaches and other forms of online fraud.
Link: http://www.marketwatch.com/story/bmo-offers-tips-for-small-businesses-to-protect-against-fraud-2012-03-26-92450
EX-DOC DUMPS ABORTION FILES IN KANSAS RECYCLING BIN
A former Kansas abortion provider isn't likely to face criminal charges for discarding hundreds of patients' private medical records in a recycling bin outside an elementary school, but anti-abortion lawmakers called Tuesday for the state Legislature to investigate.
Link: http://www.kansascity.com/2012/03/27/3516450/ex-doc-dumps-abortion-files-in.html
Link: http://www.kansascity.com/2012/03/26/3516022/star-turns-over-documents-to-state.html
AUSTRALIA: COST OF DATA BREACHES GOING UP
Organisations should be aware that dealing with a breach is becoming an increasingly costly endeavour, according to Symantec.
Link:
http://www.arnnet.com.au/article/419879/cost_data_breaches_australia_going_up_criminal_attacks_blame_symantec/
AUSTRALIAN COMPANIES LOSE 21.6 MILLION IN DATA BREACHES
Companies that employ a chief information security officer (CISO) experience less data breaches and milder ensuing financial losses than those that don't, according to new research.
Link: http://www.smh.com.au/it-pro/security-it/australian-companies-lose-216-million-in-breaches-20120329-1vz5i.html
CANADA: HOW TO MANAGE AND DISCLOSE DATA BREACHES
The 2012 Verizon Data Breach Investigations Report released last week demonstrates that data security breaches are happening much more frequently and across a wide range of industries, including financial services, retail, hospitality and manufacturing.
Link: http://www.montrealgazette.com/technology/manage+disclose+data+breaches/6367022/story.html
INDIA: HIGHWAYS MINISTRY GOING PAPERLESS
The highways ministry will go paperless soon. Under this initiative, all official documents including letters will be converted into electronic format. These can be accessed only by the official concerned and at one time multiple officials can work on the same file.
Link: http://timesofindia.indiatimes.com/india/Soon-highways-ministry-to-go-paperless/articleshow/12409454.cms
AS 60TH ANNIVERSARY NEARS, TAPE REINVENTS ITSELF
The 60th anniversary of IBM's digital tape is coming up in May. Oh yeah, and tape is dead. Or so industry pundits have declared, echoing similar prognostications for the mainframe.
But in reality, tape has a long life ahead of it. At 60, in many ways, it's just getting started.
Link: http://www.computerworld.com/s/article/9225514/As_60th_anniversary_nears_tape_reinvents_itself
Posted by Scott Hambrick on Tue, Mar 27, 2012 @ 01:59 PM
Today there are two records management related pics on www.thechive.com today. The first picture is a horrible prank someone played on a co-worker. It's a mess. I'm worried that the piece of certified mail on the desk will get mixed up in the shreds (chads) when this is cleaned up.
Employees hate digging through stacks of boxes in poorly lit closets, barns and attics. This picture is just how it was submitted to the "I hate my job" gallery on thechive.com.
Use Data Storage, Inc. Make your employees happy.
Chive on!
Posted by Scott Hambrick on Wed, Mar 07, 2012 @ 12:02 PM
I'm sorry, I just have to brag today.
No, I'll let my customer brag.
We bust our hump to make our records storage and management customers happy. I'm so proud of the people at Data Storage for serving another customer so well. Also, thanks for the video Virginia!
Posted by Scott Hambrick on Wed, Feb 22, 2012 @ 02:31 PM
IN THE RECORDS STORAGE NEWS
THE DODD-FRANK ACT: TOO BIG NOT TO FAIL
SECTIONS 404 and 406 of the Dodd-Frank law of July 2010 add up to just a couple of pages. On October 31st last year two of the agencies overseeing America's financial system turned those few pages into a form to be filled out by hedge funds and some other firms; that form ran to 192 pages.
Link: http://www.economist.com/node/21547784
91% OF SMALL HEALTHCARE ORGANIZATIONS SUFFERED DATA BREACH IN THE PAST YEAR
Nearly all small healthcare organizations and practices responding to a recent survey said they've suffered some sort of data breach in the past year, the Ponemon Institute announced this week. Overall, 91 percent of responding facilities with 250 employees or less said they had suffered at least one data breach, with 23 percent of respondents saying that their organizations experienced at least one patient medical identity theft in that time span.
Link: http://www.fiercehealthit.com/story/91-small-healthcare-organizations-suffered-data-breach-last-year/2012-02-17
DOJ LAYS DOWN THE LAW ON CRIMINAL E-DISCOVERY PROTOCOLS
The government's Joint Electronic Technology Working Group, led by the Department of Justice, began developing a best practices guide for e-discovery in the fall of 2009. The 21-page document includes principles, specific recommendations, strategy tips, and a case checklist. It was revealed at a federal software summit in Washington on Feb. 10. Circulation began last week.
Link: http://www.law.com/jsp/lawtechnologynews/PubArticleLTN.jsp?id=1202542777740&slreturn=1
INFOFORT PARTNERS WITH DELOITTE TO IMPLEMENT ITS BUSINESS CONTINUITY MANAGEMENT PROGRAM
InfoFort, an Aramex company and the Middle East & Africa region's leading records and information management solutions provider, today announced the successful completion of an initiative with Deloitte to implement its business continuity planning and management strategy.
Link: http://www.zawya.com/story.cfm/sidZAWYA20120219094309
HOW BAD PASSWORD MANAGEMENT CAN EXPOSE CRITICAL DATABASES
As security experts analyze the ramifications of the nearly decade-long Nortel breach, one of the clearest lessons bubbling to the surface is that all of the encryption and vulnerability management in the world won't keep hackers out if they already have credentials to access sensitive databases.
Link: http://informationweek.in/Security/12-02-20/How_bad_password_management_can_expose_critical_databases.aspx
INFORMATION GOVERNANCE (FINALLY!) MOVING INTO BUSINESS
Sunil Soares, director of information governance at IBM, is author of the book "Selling Information Governance to the Business: Best Practices by Industry and Job Function." Soares recently spoke with IT Business Edge's Loraine Lawson about trends he's seeing in information governance - including, thankfully, a trend toward business owners taking responsibility for overseeing information governance.
Link: http://www.itbusinessedge.com/cm/community/features/interviews/blog/information-governance-finally-moving-into-business/?cs=49806
FTC DROPPED SECURITY REQUIREMENTS FROM CONTRACT FOR SITES HIT BY ANONYMOUS
If you were looking for a recipe for creating government websites that attract defacement attacks, the acquisition process that led to the creation of a set of recently hacked Federal Trade Commission sites would be a good place to start. Despite a raft of federal security regulations and guidelines for using cloud services, smaller projects often fall through the cracks of security oversight-just as they often do with outsourced marketing projects for large corporations.
Link: http://arstechnica.com/business/news/2012/02/recipe-for-getting-hacked-ftc-dropped-security-requirements-from-contract-for-sites-hit-by-anonymous.ars?utm_source=rss&utm_medium=rss&utm_campaign=rss
CONFLICTS ARISE WHEN COMPLYING WITH US AND EU LAWS
As companies in the U.S. work to comply with laws such as the Foreign Corrupt Practices Act (FCPA), they often conduct internal investigations that rely, in part, on collecting information from employees, such as documents and emails. It's all perfectly legal in the U.S., but it can quickly lead to potential conflict when in-house lawyers also have to navigate European Union regulations on data protection-laws that guard employee privacy, even for information stored on company computers and servers.
Link: http://www.law.com/jsp/cc/PubArticleCC.jsp?id=1202543050680
AUSTRALIA DIVIDED OVER DATA BREACH LAWS
Australian organisations remain divided over the issue of data breach notification laws, leaving the Department of the Prime Minister and Cabinet with mixed signals over what to do in regards to planning a strategy for Australia's digital future.
Link: http://www.zdnet.com.au/australia-divided-over-data-breach-laws-339332126.htm
Posted by Scott Hambrick on Fri, Feb 03, 2012 @ 02:44 PM
IN THE NEWS
UNDERSTANDING RIM CERTIFICATIONS
As a records and information management professional, you are probably very familiar with the term Certified Records Manager (CRM). However, chances are you may not be familiar with the newest designation on the block - AIIM's Certified Information Professional (CIP). This article will explore the objective of each designation, their similarities and differences with the hope of helping you determine which (or both) designation is right for you and your organization.
Link: http://www.armaazchapter.org/rim-certifications-understanding-the-objectives-similarities-and-differences/
ABA SHOULD PAUSE BEFORE BACKING DIGITAL ONLY LAWS
The American Bar Association in February will be asked to endorse a proposed uniform law aiming at new standards for state government websites that host legal materials.
The Uniform Laws Commission is proposing the Uniform Electronic Legal Materials Act in answer to a trend, still in its infancy, of shuttering public printers and posting laws only online. But shifting an entire system of laws to online-only postings puts our legal system at risk.
Link: http://wislawjournal.com/2012/01/26/aba-should-pause-before-backing-digital-only-laws/
EU DATA PROTECTION REFORM: THE INDUSTRY RESPONDS
Following on from this week's announcement by EU justice commissioner Viviane Reding concerning proposed revisions to data protection legislation, Info4Security asks key industry professionals for their views.
Link: http://www.info4security.com/story.asp?sectioncode=9&storycode=4128642&c=1
DATA PROTECTION TOPS UK SECURITY INVESTMENTS IN 2012: SURVEY
Data protection will be the top security initiative for most UK organisations in 2012, a survey of IT professionals has revealed.
Media focus on the topic is driving public awareness as increasing powers of the Information Commissioner's Office draw the board's attention to the risks.
Link: http://www.computerweekly.com/news/2240114469/Data-protection-tops-UK-security-investments-in-2012
HOW TO PREVENT THUMB DRIVE SECURITY DISASTERS
For such a small device, the plastic, handheld USB flash drive can cause big security headaches. Even if you have robust end-point security and establish rigid policies about employee use of these drives, employees still find a way to copy financial reports and business plans for use at home. While other security breaches are more traceable, a flash drive is more difficult to monitor, especially after the employee leaves work.
Link: http://news.idg.no/cw/art.cfm?id=3F7D8E7B-9434-6059-CD33B6BEFC3A8DDD
WHEN IT COMES TO CUSTOMER DATA PROTECTION FIRMS ARE PHONING IT IN
Only half of IT professionals believe that their organization made its best effort to protect customer and consumer information, according to a survey by credit reporting firm Experian and the Ponemon Institute.
Link: http://www.infosecurity-us.com/view/23552/when-it-comes-to-customer-data-protection-firms-are-phoning-it-in/
BREACHES, LIKE HISTORY, REPEAT THEMSELVES
Two recent studies show that if organizations simply focused on IT security basics, they'd make great strides in reducing their risk of embarrassing, avoidable and often costly data breaches.
Link: http://www.networkworld.com/news/2012/013012-breaches-like-history-repeat-255470.html?hpg1=bn
MEGAUPLOAD FILES SCHEDULE TO BE DELETED ON THURSDAY
Megaupload users may never be able to re-access their files following the U.S. government's announcement late Monday that digital storage firms contracted by the shuttered company will begin deleting files Thursday this week.
Link: http://au.ibtimes.com/articles/290052/20120131/u-s-govt-megaupload-files-set-deleted.htm
NIST ISSUES GUIDELINES FOR MANAGING PRIVACY AND SECURITY ON PUBLIC CLOUD
Say what you will about the federal government, the Nat'l Institute of Standards & Technology ("NIST"), part of the Department of Commerce, has certainly been busy over the past year releasing numerous special drafts and reports addressing cloud computing recommendations, security and issues.
Link: http://www.infolawgroup.com/2012/01/articles/cloud-computing-1/nist-issues-finalized-guidelines-for-managing-security-privacy-in-public-cloud-computing/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+InfoLawGroup+%28Info+Law+Group%29&utm_content=Google+Reader
EU DATA RULES WORSE THAN SOPA?
Last week, the European Commission (EC) released a draft revision of its 1995 data protection rules for the stated purpose of strengthening online privacy rights and Europe's digital economy. But the rules threaten the viability of data-driven businesses, from Google to credit bureaus, critics contend.
Link: http://informationweek.com/news/security/privacy/232500742
UK: DATA CONTROL A BIG ISSUE IN 2012
One of the biggest issues in the world of information security in 2012 will be the way in which data protection is controlled, according to an independent security consultant.
Link: http://www.acumin.co.uk/main/news/view/data-control-a-big-issue-in-2012/3562
IRELAND: DATA PROTECTION KNOWLEDGE EXPANDS THROUGH EXPERIENCE
The 2012 data protection survey carried out by the Irish Computer Society has found that more than two thirds of respondents reported an increased knowledge of data protection requirements "through first-hand experience of data breaches rather than training and policy/procedures."
Link: http://www.techcentral.ie/18202/data-protection-knowledge-expands-through-experience
DATA BREACHES FROM UNENCRYPTED DEVICES UP 525% IN 2011
Healthcare organizations need to "serve as their own watchdog" to increase security and decrease data breaches, a new report from IT security audit firm Redspin concludes. The increase in "bring your own device" policies at various hospitals, in addition to the continued implementation of electronic health record systems, are too much for government alone to regulate, the report's authors say.
Link: http://www.fiercehealthit.com/story/report-data-breaches-unencrypted-devices-525-2011/2012-02-01
MANAGING INFORMATION IN LITIGATION, HOW TO AVOID SPENDING A FORTUNE
The costs of preserving, searching and reviewing information in litigation can be staggering. What costs a dollar to store on a hard drive can easily cost hundreds of thousands of dollars to search and review for a lawsuit. Ignoring or destroying salient information prior to or during a lawsuit can lead to losing a case-regardless of the merits of the actual claim-and spending a small fortune litigating the issue of whether you have met your discovery obligations.
Link: http://www.cioinsight.com/c/a/Expert-Voices/Managing-Information-in-Litigation-How-to-Avoid-Spending-a-Fortune-691839/
CLOUD PROVIDES TAPE ARCHIVE ALTERNATIVE
If any storage medium deserves the "legacy" moniker, it would be magnetic tape. But unless cloud archiving provides a viable alternative, this artifact of early computing could be around for many more years.
Link: http://www.itworldcanada.com/news/cloud-battles-tape-for-long-term-archives/144806
SOUTH AFRICA: FIRE DESTROYS CRUCIAL MUNICIPAL DOCUMENTS
Police in Kwazulu-Natal are investigating a suspected case of arson after a fire destroyed documents at the finance offices of Umkhanyakude District Municipality in the early hours of Thursday.
Link: http://www.buanews.gov.za/news/12/12020210351001
THE HIDDEN COSTS OF VIRTUAL BACKUPS
Time and time again, surveys indicate that despite advances in backup and data protection technology, organizations are still challenged to ensure data is adequately protected and recoverable. Often this is due to minimal review of data protection processes, few SLA requirements and lack of visibility into the results of data protection activities.
Link: http://www.echannelline.com/usa/story.cfm?item=27490
Posted by Scott Hambrick on Tue, Jan 31, 2012 @ 01:25 PM
At Data Storage we pride ourselves in taking excellent care of the information entrusted to us by our customers.
Our employees are all long-time employees with a sense of pride in their work (and tons of privacy training). We maintain careful records and audit trails on all deposits in our trust. Our facilities are monitored by state of the art security systems. The facilities are manned around the clock. We routinely change locks and maintain on keys. We require every visitor to the facility to sign in. And on and on and on and on.
In the interest of improving our security and privacy at Data Storage here in Tulsa, I attended a training seminar with my trade association last week that covered the Privacy + certification. My association is PRISM (Professional Records & Information Services Management Association). I took about 20 pages of notes in two days and have digested 100's of pages of handouts and I want to share the biggest/easiest take away tip I saw. Here it is.....
ENCRYPT YOUR HARD DRIVES AND BACKUP MEDIA.
There have been 2,761 data breaches recorded since 2008. Average notification costs are $7.2 million per incident. (Todd Stephenson, CISA Kirkpatrick Price, LLC.)
Most of these breaches involved stolen laptops. Encrypting the hard drives could eliminate most of the breaches and notification costs. It's cheap and easy to do.
ENCRYPT.
Posted by Scott Hambrick on Fri, Jan 27, 2012 @ 12:28 PM
IN THE NEWS
BYU START UP CREATES PERMANENT STORAGE TECHNOLOGY
Most of us have photographs, documents and music that we wish we could keep forever. Unfortunately, DVDs eventually fail, and data back-up can be expensive and difficult to manage. But a homegrown Utah company recently launched a solution that lasts.
Link: http://www.ksl.com/?nid=148&sid=18913005
FBI MEGAUPLOAD SHUTDOWN CUTS OFF USERS FROM PERSONAL FILES, BUSINESS DATA
After law enforcement authorities shut down Megaupload, a popular file sharing service, for violating copyright laws, Internet users took to Twitter and online forums in protest, calling it a form of censorship.
Link: http://www.eweek.com/c/a/Security/FBI-Megupload-Shutdown-Cuts-Users-Off-From-Personl-Files-Business-Data-234883/
BREACH NOTIFICATION: KNOW THE RULES
The vast majority of states and territories in the United States have rules requiring organizations managing personal information to notify affected parties if their private information has been breached.
Link: http://www.darkreading.com/compliance/blog/232500253/breach-notification-know-the-rules.html
HR RECORDKEEPING FOR EMPLOYERS
Recordkeeping is one of HR's most daunting and unpleasant responsibilities. The natural inclination of most HR managers is to run away and hide when the topic comes up. Yet, government-imposed recordkeeping obligations and the need for records to defend against employee litigation will inevitably force employers to face the music if they have not complied.
Link: http://hr.blr.com/HR-news/HR-Administration/Employee-Records/zn-HR-Recordkeeping-Employers-Keep-Paper-E-Files/
RECORDS MANAGEMENT SMARTS: HOW TO LEVERAGE KEY PERFORMANCE INDICATORS
Records management at the Stapleright Stapler company hardly lived up to its name. In fact, the president's executive assistant often spent entire days looking for just one file. But when the firm's IT team implemented a smart records management program, suddenly all of the company's bad habits were in the spotlight.
Link: http://www.ironmountain.com/Knowledge-Center/Reference-Library/View-by-Document-Type/General-Articles/R/Records-Management-Smarts-How-to-Leverage-Key-Performance-Indicators.aspx
6 THINGS INTERNATIONAL TRADE PROS NEED TO KNOW ABOUT RECORDKEEPING
The term "records" is easily understood by anyone in business, but if you want the official CBP definition, you should look to 19 CFR Part 163. Part 163 defines the term "records" to mean any information made or normally kept in the ordinary course of business which pertains to the following activities:
Link: http://www.customsinfo.com/Industry-Blog/bid/118991/6-Things-International-Trade-Pros-Need-to-Know-about-Recordkeeping
EU PRIVACY RULES TO INCLUDE LEAK DISCLOSURE WITHIN 24 HOURS
A European Union proposal to simplify and toughen the region's data-protection rules will require companies to disclose data breaches within 24 hours of their occurrences, Justice Commissioner Viviane Reding said.
Link: http://news.businessweek.com/article.asp?documentKey=1376-LY7C4A6JTSE801-59G6O8FNVJIA7EN88LOVDNRB6D
KODAK IMAGING SAYS BUSINESS AS USUAL DESPITE CHAPTER 11
Kodak Asia-Pacific says its business as usual for the Document Imaging (DI) division despite parent company Eastman Kodak filing for Chapter 11 bankruptcy protection.
Link: http://idm.net.au/article/008847-kodak-imaging-says-business-usual-despite-chapter-11
FAILURE TO PRODUCE ORIGINALS COULD BE SPOLIATION IN THIRD CIRCUIT
In this case, the appellate court concluded that "producing copies in instances where the originals have been requested may constitute spoliation if it would prevent discovering critical information," but found that in the present case, the District Court abused its discretion in finding that spoliation had occurred and in imposing a sanction of dismissal with prejudice.
Link: http://www.ediscoverylaw.com/2012/01/articles/case-summaries/failure-to-produce-originals-could-be-spoliation-in-third-circuit/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+ediscoverylaw/klgates+%28Electronic+Discovery+Law%29&utm_content=Google+Reader
DATA STORAGE: FROM THE FLOPPY DISK TO THE CLOUD
As part of my annual New Year's resolutions, I've been cleaning my home office. And not just the usual surface job, but a real deep cleaning that entails going through every box, drawer, shelf, and other container, ruthlessly analyzing whether I actually need and/or use the object in question and then, more often than not, tossing out or otherwise removing the offender.
Link: http://www.windowsitpro.com/article/storage/data-storage-floppy-disk-cloud-142021
ONLINE TRUST ALLIANCE RELEASES 2012 DATA PROTECTION AND BREACH READINESS GUIDE (FREE DOWNLOAD)
In the wake of 2011, which many analysts are calling the "Year of the Breach," the Online Trust Alliance (OTA) today announced the release of the 2012 Data Protection & Breach Readiness Guide, a comprehensive guide outlining key questions and recommendations to help businesses in breach prevention and incident management.
Link: http://www.marketwatch.com/story/the-online-trust-alliance-releases-2012-data-protection-and-breach-readiness-guide-2012-01-24
SEN. LEAHY URGES CONGRESS TO PASS NATIONAL DATA BREACH LEGISLATION
Senate Judiciary Committee Chairman Patrick Leahy (D-Vt.) urged his colleagues to pass a national law telling companies when and how they must inform consumers their data has breached on Tuesday.
Link: http://thehill.com/blogs/hillicon-valley/technology/206137-leahy-urges-congress-to-pass-data-breach-legislation
EUROPE'S PROPOSED NEW DATA LAWS CALLED A BURDEN ON BUSINESS
Europe's proposed new laws on data protection are burdensome and expensive, but may give companies incentive to put more measures in place to secure data, according to representatives of business interests.
Link: http://www.networkworld.com/news/2012/012512-europes-proposed-new-data-laws-255302.html
FINAL PHASE OF MASS. DATA PROTECTION LAW KICKS IN ON MARCH 1
All companies storing personal data on Massachusetts residents have just over a month to ensure that their contractors, suppliers, technology providers and other third parties comply with a provision of a state data breach law that went into effect in March 2010.
Link: http://www.computerworld.com/s/article/9223709/Final_phase_of_Mass._data_protection_law_kicks_in_March_1?taxonomyId=19
9 WAYS TO MINIMIZE DATA BREACH FALLOUT
Data breaches are a fact of business life. But beyond keeping a data breach response plan at the ready, how can IT departments best prevent and mitigate data breaches? Start here:
Link: http://www.informationweek.com/news/security/attacks/232500394
IS KEEPING LEGACY DATA MORE TROUBLE THAN IT'S WORTH?
Legacy data (backup tapes, file shares, personal storage tables, and other storage media) when kept indefinitely has no value or purpose. But it can create expensive havoc and costs that can be avoided if the data is properly managed-and destroyed when business and legal retention requirements expire.
Link: http://www.law.com/jsp/cc/PubArticleCC.jsp?id=1327262306949&hubType=Top%20Story&Is_Keeping_Legacy_Data_More_Trouble_Than_Its_Worth
IS THE CLOUD RIGHT FOR HIPAA COMPLIANCE?
Ever since the stimulus package passed in 2009, the reach of regulatory requirements has been extended to reach beyond healthcare providers to include all the business associates, such as accountants, lawyers, IT providers, etc. who work with these providers.
Link: http://www.corporatecomplianceinsights.com/is-the-cloud-right-for-hipaa-compliance/
AT&T SAYS EU 24-HOUR NOTIFICATION IS "UNWORKABLE"
New data privacy regulations being implemented by the European Union will present serious complications for U.S. companies doing business in Europe, according to an IT security and data privacy executive who took part in a panel at the George Washington University School of Law in Washington, D.C.
Link: http://www.eweek.com/c/a/Security/EU-24hour-Data-Breach-Notification-Rule-Unworkable-ATandT-Executive-863336/