Data Storage Blog, a discussion of practical records management.


Records imaging and Information Management News February 3, 2012

  
  
  
  
  

IN THE NEWS

UNDERSTANDING RIM CERTIFICATIONS

As a records and information management professional, you are probably very familiar with the term Certified Records Manager (CRM).   However, chances are you may not be familiar with the newest designation on the block - AIIM's Certified Information Professional (CIP).  This article will explore the objective of each designation, their similarities and differences with the hope of helping you determine which (or both) designation is right for you and your organization.

Link: http://www.armaazchapter.org/rim-certifications-understanding-the-objectives-similarities-and-differences/

ABA SHOULD PAUSE BEFORE BACKING DIGITAL ONLY LAWS

The American Bar Association in February will be asked to endorse a proposed uniform law aiming at new standards for state government websites that host legal materials.

The Uniform Laws Commission is proposing the Uniform Electronic Legal Materials Act in answer to a trend, still in its infancy, of shuttering public printers and posting laws only online. But shifting an entire system of laws to online-only postings puts our legal system at risk.

Link: http://wislawjournal.com/2012/01/26/aba-should-pause-before-backing-digital-only-laws/

EU DATA PROTECTION REFORM: THE INDUSTRY RESPONDS

Following on from this week's announcement by EU justice commissioner Viviane Reding concerning proposed revisions to data protection legislation, Info4Security asks key industry professionals for their views.

Link: http://www.info4security.com/story.asp?sectioncode=9&storycode=4128642&c=1

DATA PROTECTION TOPS UK SECURITY INVESTMENTS IN 2012: SURVEY

Data protection will be the top security initiative for most UK organisations in 2012, a survey of IT professionals has revealed.

Media focus on the topic is driving public awareness as increasing powers of the Information Commissioner's Office draw the board's attention to the risks.

 

Link: http://www.computerweekly.com/news/2240114469/Data-protection-tops-UK-security-investments-in-2012

HOW TO PREVENT THUMB DRIVE SECURITY DISASTERS

For such a small device, the plastic, handheld USB flash drive can cause big security headaches. Even if you have robust end-point security and establish rigid policies about employee use of these drives, employees still find a way to copy financial reports and business plans for use at home. While other security breaches are more traceable, a flash drive is more difficult to monitor, especially after the employee leaves work.

Link: http://news.idg.no/cw/art.cfm?id=3F7D8E7B-9434-6059-CD33B6BEFC3A8DDD

WHEN IT COMES TO CUSTOMER DATA PROTECTION FIRMS ARE PHONING IT IN

Only half of IT professionals believe that their organization made its best effort to protect customer and consumer information, according to a survey by credit reporting firm Experian and the Ponemon Institute.

Link: http://www.infosecurity-us.com/view/23552/when-it-comes-to-customer-data-protection-firms-are-phoning-it-in/

BREACHES, LIKE HISTORY, REPEAT THEMSELVES

Two recent studies show that if organizations simply focused on IT security basics, they'd make great strides in reducing their risk of embarrassing, avoidable and often costly data breaches.

Link: http://www.networkworld.com/news/2012/013012-breaches-like-history-repeat-255470.html?hpg1=bn

MEGAUPLOAD FILES SCHEDULED TO BE DELETED ON THURSDAY

Megaupload users may never be able to re-access their files following the U.S. government's announcement late Monday that digital storage firms contracted by the shuttered company will begin deleting files Thursday this week.

Link: http://au.ibtimes.com/articles/290052/20120131/u-s-govt-megaupload-files-set-deleted.htm

NIST ISSUES GUIDELINES FOR MANAGING PRIVACY AND SECURITY ON PUBLIC CLOUD

Say what you will about the federal government, the Nat'l Institute of Standards & Technology ("NIST"), part of the Department of Commerce, has certainly been busy over the past year releasing numerous special drafts and reports addressing cloud computing recommendations, security and issues.

Link: http://www.infolawgroup.com/2012/01/articles/cloud-computing-1/nist-issues-finalized-guidelines-for-managing-security-privacy-in-public-cloud-computing/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+InfoLawGroup+%28Info+Law+Group%29&utm_content=Google+Reader

EU DATA RULES WORSE THAN SOPA?

Last week, the European Commission (EC) released a draft revision of its 1995 data protection rules for the stated purpose of strengthening online privacy rights and Europe's digital economy. But the rules threaten the viability of data-driven businesses, from Google to credit bureaus, critics contend.

Link: http://informationweek.com/news/security/privacy/232500742

UK: DATA CONTROL A BIG ISSUE IN 2012

One of the biggest issues in the world of information security in 2012 will be the way in which data protection is controlled, according to an independent security consultant.

Link: http://www.acumin.co.uk/main/news/view/data-control-a-big-issue-in-2012/3562

IRELAND: DATA PROTECTION KNOWLEDGE EXPANDS THROUGH EXPERIENCE

The 2012 data protection survey carried out by the Irish Computer Society has found that more than two thirds of respondents reported an increased knowledge of data protection requirements "through first-hand experience of data breaches rather than training and policy/procedures."

Link: http://www.techcentral.ie/18202/data-protection-knowledge-expands-through-experience

DATA BREACHES FROM UNENCRYPTED DEVICES UP 525% IN 2011

Healthcare organizations need to "serve as their own watchdog" to increase security and decrease data breaches, a new report from IT security audit firm Redspin concludes. The increase in "bring your own device" policies at various hospitals, in addition to the continued implementation of electronic health record systems, are too much for government alone to regulate, the report's authors say.

Link: http://www.fiercehealthit.com/story/report-data-breaches-unencrypted-devices-525-2011/2012-02-01

MANAGING INFORMATION IN LITIGATION, HOW TO AVOID SPENDING A FORTUNE

The costs of preserving, searching and reviewing information in litigation can be staggering. What costs a dollar to store on a hard drive can easily cost hundreds of thousands of dollars to search and review for a lawsuit. Ignoring or destroying salient information prior to or during a lawsuit can lead to losing a case-regardless of the merits of the actual claim-and spending a small fortune litigating the issue of whether you have met your discovery obligations.

Link: http://www.cioinsight.com/c/a/Expert-Voices/Managing-Information-in-Litigation-How-to-Avoid-Spending-a-Fortune-691839/

CLOUD PROVIDES TAPE ARCHIVE ALTERNATIVE

If any storage medium deserves the "legacy" moniker, it would be magnetic tape. But unless cloud archiving provides a viable alternative, this artifact of early computing could be around for many more years.

Link: http://www.itworldcanada.com/news/cloud-battles-tape-for-long-term-archives/144806

SOUTH AFRICA: FIRE DESTROYS CRUCIAL MUNICIPAL DOCUMENTS

Police in Kwazulu-Natal are investigating a suspected case of arson after a fire destroyed documents at the finance offices of Umkhanyakude District Municipality in the early hours of Thursday.

Link: http://www.buanews.gov.za/news/12/12020210351001

THE HIDDEN COSTS OF VIRTUAL BACKUPS

Time and time again, surveys indicate that despite advances in backup and data protection technology, organizations are still challenged to ensure data is adequately protected and recoverable. Often this is due to minimal review of data protection processes, few SLA requirements and lack of visibility into the results of data protection activities.

Link: http://www.echannelline.com/usa/story.cfm?item=27490

 

Tulsa Offsite Data Storage and Risk Management

  
  
  
  
  

At Data Storage we pride ourselves in taking excellent care of the information entrusted to us by our customers.

Our employees are all long-time employees with a sense of pride in their work (and tons of privacy training).  We maintain careful records and audit trails on all deposits in our trust.  Our facilities are monitored by state of the art security systems.  The facilities are manned around the clock.  We routinely change locks and maintain on keys.  We require every visitor to the facility to sign in. And on and on and on and on.

In the interest of improving our security and privacy at Data Storage here in Tulsa, I attended a training seminar with my trade association last week that covered the Privacy + certification.  My association is PRISM (Professional Records & Information Services Management Association).  I took about 20 pages of notes in two days and have digested 100's of pages of handouts and I want to share the biggest/easiest take away tip I saw. Here it is.....

 

ENCRYPT YOUR HARD DRIVES AND BACKUP MEDIA.

 

There have been 2,761 data breaches recorded since 2008.  Average notification costs are $7.2 million per incident.  (Todd Stephenson, CISA Kirkpatrick Price, LLC.)

Most of these breaches involved stolen laptops.  Encrypting the hard drives could eliminate most of the breaches and notification costs.  It's cheap and easy to do.  


ENCRYPT.

 

 

Records imaging and Information Management News January 27, 2012

  
  
  
  
  

IN THE NEWS

BYU START UP CREATES PERMANENT STORAGE TECHNOLOGY

Most of us have photographs, documents and music that we wish we could keep forever. Unfortunately, DVDs eventually fail, and data back-up can be expensive and difficult to manage. But a homegrown Utah company recently launched a solution that lasts.

Link: http://www.ksl.com/?nid=148&sid=18913005

FBI MEGAUPLOAD SHUTDOWN CUTS OFF USERS FROM PERSONAL FILES, BUSINESS DATA

After law enforcement authorities shut down Megaupload, a popular file sharing service, for violating copyright laws, Internet users took to Twitter and online forums in protest, calling it a form of censorship.

Link: http://www.eweek.com/c/a/Security/FBI-Megupload-Shutdown-Cuts-Users-Off-From-Personl-Files-Business-Data-234883/

BREACH NOTIFICATION: KNOW THE RULES

The vast majority of states and territories in the United States have rules requiring organizations managing personal information to notify affected parties if their private information has been breached.

Link: http://www.darkreading.com/compliance/blog/232500253/breach-notification-know-the-rules.html

HR RECORDKEEPING FOR EMPLOYERS

Recordkeeping is one of HR's most daunting and unpleasant responsibilities. The natural inclination of most HR managers is to run away and hide when the topic comes up. Yet, government-imposed recordkeeping obligations and the need for records to defend against employee litigation will inevitably force employers to face the music if they have not complied.

Link: http://hr.blr.com/HR-news/HR-Administration/Employee-Records/zn-HR-Recordkeeping-Employers-Keep-Paper-E-Files/

RECORDS MANAGEMENT SMARTS: HOW TO LEVERAGE KEY PERFORMANCE INDICATORS

Records management at the Stapleright Stapler company hardly lived up to its name. In fact, the president's executive assistant often spent entire days looking for just one file. But when the firm's IT team implemented a smart records management program, suddenly all of the company's bad habits were in the spotlight.

Link: http://www.ironmountain.com/Knowledge-Center/Reference-Library/View-by-Document-Type/General-Articles/R/Records-Management-Smarts-How-to-Leverage-Key-Performance-Indicators.aspx

6 THINGS INTERNATIONAL TRADE PROS NEED TO KNOW ABOUT RECORDKEEPING

The term "records" is easily understood by anyone in business, but if you want the official CBP definition, you should look to 19 CFR Part 163. Part 163 defines the term "records" to mean any information made or normally kept in the ordinary course of business which pertains to the following activities:

Link: http://www.customsinfo.com/Industry-Blog/bid/118991/6-Things-International-Trade-Pros-Need-to-Know-about-Recordkeeping

EU PRIVACY RULES TO INCLUDE LEAK DISCLOSURE WITHIN 24 HOURS

A European Union proposal to simplify and toughen the region's data-protection rules will require companies to disclose data breaches within 24 hours of their occurrences, Justice Commissioner Viviane Reding said.

Link: http://news.businessweek.com/article.asp?documentKey=1376-LY7C4A6JTSE801-59G6O8FNVJIA7EN88LOVDNRB6D

KODAK IMAGING SAYS BUSINESS AS USUAL DESPITE CHAPTER 11

Kodak Asia-Pacific says it's business as usual for the Document Imaging (DI) division despite parent company Eastman Kodak filing for Chapter 11 bankruptcy protection.

Link: http://idm.net.au/article/008847-kodak-imaging-says-business-usual-despite-chapter-11

FAILURE TO PRODUCE ORIGINALS COULD BE SPOLIATION IN THIRD CIRCUIT

In this case, the appellate court concluded that "producing copies in instances where the originals have been requested may constitute spoliation if it would prevent discovering critical information," but found that in the present case, the District Court abused its discretion in finding that spoliation had occurred and in imposing a sanction of dismissal with prejudice.

Link: http://www.ediscoverylaw.com/2012/01/articles/case-summaries/failure-to-produce-originals-could-be-spoliation-in-third-circuit/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+ediscoverylaw/klgates+%28Electronic+Discovery+Law%29&utm_content=Google+Reader

DATA STORAGE: FROM THE FLOPPY DISK TO THE CLOUD

As part of my annual New Year's resolutions, I've been cleaning my home office. And not just the usual surface job, but a real deep cleaning that entails going through every box, drawer, shelf, and other container, ruthlessly analyzing whether I actually need and/or use the object in question and then, more often than not, tossing out or otherwise removing the offender.

Link: http://www.windowsitpro.com/article/storage/data-storage-floppy-disk-cloud-142021

ONLINE TRUST ALLIANCE RELEASES 2012 DATA PROTECTION AND BREACH READINESS GUIDE (FREE DOWNLOAD)

In the wake of 2011, which many analysts are calling the "Year of the Breach," the Online Trust Alliance (OTA) today announced the release of the 2012 Data Protection & Breach Readiness Guide, a comprehensive guide outlining key questions and recommendations to help businesses in breach prevention and incident management.

Link: http://www.marketwatch.com/story/the-online-trust-alliance-releases-2012-data-protection-and-breach-readiness-guide-2012-01-24

SEN. LEAHY URGES CONGRESS TO PASS NATIONAL DATA BREACH LEGISLATION

Senate Judiciary Committee Chairman Patrick Leahy (D-Vt.) urged his colleagues to pass a national law telling companies when and how they must inform consumers their data has been breached on Tuesday.

Link: http://thehill.com/blogs/hillicon-valley/technology/206137-leahy-urges-congress-to-pass-data-breach-legislation

EUROPE'S PROPOSED NEW DATA LAWS CALLED A BURDEN ON BUSINESS

Europe's proposed new laws on data protection are burdensome and expensive, but may give companies incentive to put more measures in place to secure data, according to representatives of business interests.

Link: http://www.networkworld.com/news/2012/012512-europes-proposed-new-data-laws-255302.html

FINAL PHASE OF MASS. DATA PROTECTION LAW KICKS IN ON MARCH 1

All companies storing personal data on Massachusetts residents have just over a month to ensure that their contractors, suppliers, technology providers and other third parties comply with a provision of a state data breach law that went into effect in March 2010.

Link: http://www.computerworld.com/s/article/9223709/Final_phase_of_Mass._data_protection_law_kicks_in_March_1?taxonomyId=19

9 WAYS TO MINIMIZE DATA BREACH FALLOUT

Data breaches are a fact of business life. But beyond keeping a data breach response plan at the ready, how can IT departments best prevent and mitigate data breaches? Start here:

Link: http://www.informationweek.com/news/security/attacks/232500394

IS KEEPING LEGACY DATA MORE TROUBLE THAN IT'S WORTH?

Legacy data (backup tapes, file shares, personal storage tables, and other storage media) when kept indefinitely has no value or purpose. But it can create expensive havoc and costs that can be avoided if the data is properly managed-and destroyed when business and legal retention requirements expire.

Link: http://www.law.com/jsp/cc/PubArticleCC.jsp?id=1327262306949&hubType=Top%20Story&Is_Keeping_Legacy_Data_More_Trouble_Than_Its_Worth

IS THE CLOUD RIGHT FOR HIPAA COMPLIANCE?

Ever since the stimulus package passed in 2009, the reach of regulatory requirements has been extended to reach beyond healthcare providers to include all the business associates, such as accountants, lawyers, IT providers, etc. who work with these providers.

Link: http://www.corporatecomplianceinsights.com/is-the-cloud-right-for-hipaa-compliance/

AT&T SAYS EU 24-HOUR NOTIFICATION IS "UNWORKABLE"

New data privacy regulations being implemented by the European Union will present serious complications for U.S. companies doing business in Europe, according to an IT security and data privacy executive who took part in a panel at the George Washington University School of Law in Washington, D.C.

Link: http://www.eweek.com/c/a/Security/EU-24hour-Data-Breach-Notification-Rule-Unworkable-ATandT-Executive-863336/

Records Storage, Privacy Certification and Compliance

  
  
  
  
  

I'm at the Prism International Privacy+ certification conference in Miami, FL this week.

Data Storage is on its way to receiving Privacy+ certification in the inaugural class of recipients.  I'm pretty excited about that.

We work hard to keep our client data safe and would without receiving this certification.  

 

I just had a thought.

Certification can exist without compliance, and compliance can exist without certification.  

If you don't execute on your policies and training after receiving the certification, you aren't compliant.

Even after we receive the certification, we have to make sure we continue to review, train, examine and execute to maintain regulatory compliance in our records storage, online  backup, imaging, records shredding and other activities.

What are you doing to pursue compliance ABOVE your certifications?

Scott Hambrick Tulsa

Records centers get interesting storage requests

  
  
  
  
  

I've been running Data Storage for 14 years and have had a lot of interesting storage requests.  

In the course of our business we barcode, log, index and store:

  • paper records
  • well logs
  • core samples
  • tissue blocks
  • microfiche 
  • microfilm
  • x-ray films
  • computer backup tapes 
  • Christmas decorations
  • printed materials like brochures and forms
  • computer hardware
  • software
  • A snow plow attachment for a pickup truck
  • new cardboard boxes (for a customer who needed them for the Christmas season)

Yesterday I got a request I haven't had before.  I was asked if we store stamps.  I thought about collectible stamps and rubber stamps but needed to know more.  After asking some questions, I found this company has bought 6 million first class "forever stamps" and needs them stored safely.

Since stamps are going to .45 for a first class mailing, this potential customer made a play for the forever stamp in hopes to save the difference in the postage prices.

If this story is true, they paid $2,640,000 for the stamps.  So far their gross savings are $60,000.  I don't know how long it would take to use 6,000,000 stamps, but I'd be concerned if it took more than a few months to recover my 2.64 million bucks.

After some discussion, I recommended climate controlled storage as the stamps have an adhesive backing, but I told them we could not store the stamps. It seems to me like the stamps are a cash equivalent.  It'd be like storing 2.64 million dollars in our facility.

While we are a secure facility that takes security and privacy seriously, we are not a bank vault.

This contract scared me.  We bowed out.

Anyone want to store 6 million stamps?

Scott Hambrick

Records Storage and Information Management News January 13, 2012

  
  
  
  
  

IN THE NEWS

RECORDS KEEPING VITAL TO TRANSPARENCY

The case of the deleted email state government accounts underscores the idea that open records begins with proper record keeping, and the importance of making sure those who handle the records understand it.

Link: http://www.burlingtonfreepress.com/article/20120105/OPINION01/201050301/Voice-Free-Press-Records-keeping-vital-transparency?odyssey=nav|head

ANAHEIM MAYOR CALLS RECORDS DESTRUCTION ORDER "A MISTAKE"

After remaining silent nearly a week on an Anaheim Planning Department manager's order that department employees purge their records, Mayor Tom Tait Thursday issued a statement acknowledging that the order was "a mistake."

Link: http://voiceofoc.org/countywide/this_just_in/article_8978f176-381b-11e1-9d7e-001871e3ce6c.html

PROTECT YOUR DATA FROM WEATHER-RELATED DISASTER

Charles Bernard, president of Criteria for Success, a midtown sales and training firm, thought he'd made adequate plans for backing up critical company data. His firm's servers were elevated slightly from the floor, and he was backing up files on a monthly basis. Then, one morning in 2007, he and his employees walked in to work to discover the firm's file server sitting in a puddle of water, brought on by a burst steam pipe in the dead of winter.

Link: http://www.crainsnewyork.com/article/20120106/SMALLBIZ/120109953/1072

7 HEALTH DATA PRIVACY AND SECURITY TRENDS TO TRACK IN 2012

Happy Leap Year! We're jumping into a challenging 12 months - lawsuits are up, budgets are down, and advances in technology have made protecting medical data a whole lot harder. Our list of top trends in 2012 reveals difficulties ahead; read and proceed with caution.

Link: http://www.govhealthit.com/news/7-health-data-privacy-and-security-trends-track-2012

HUGE CLOUD COMPUTING DATA BREACH WAITING TO HAPPEN

This year promises to be one that will be remembered as the year that outsourcing to the cloud gained significant momentum. But it could also be the year that cyber-attackers target the cloud and send shockwaves through corporations by causing a huge cloud security breach.

Link: http://www.computerweekly.com/blogs/inside-outsourcing/2012/01/huge-cloud-computing-data-breach-waiting-to-happen.html

WELLS FARGO QUESTIONED ABOUT PRIVACY BREACH

Connecticut Attorney General George Jepsen has issued a letter to Wells Fargo & Co. asking the bank to explain why it released customers' Social Security numbers when it mailed copies of subpoenas issued by the state Department of Social Services.

Link: http://www.bankinfosecurity.com/articles.php?art_id=4383

HOW LONG DO WE NEED TO KEEP ALL THIS STUFF?

Every year at this time, our phones ring with questions such as "How long do I have to keep these personnel files?" or "Do we really need to hang on to these time cards?"

Link: http://www.ourcoloradonews.com/business/careers/how-long-do-we-need-to-keep-all-this-stuff/article_3e58ba58-381d-11e1-9063-001871e3ce6c.html

FOUR DATA PROTECTION AND STORAGE TRENDS FOR 2012

About a month ago I started to put some thought and research into what might emerge as the top trends of 2012 by keeping a notebook next to my keyboard so as ideas struck me I could jot them down. Now as I look at the four trends that made today's short list, they ended up being on the surface ones that I hear, write and talk about every day.

Link: http://www.echannelline.com/usa/story.cfm?item=27403

WHAT DO YOU DO WHEN YOUR BUSINESS PARTNER IS BREACHED?

A breach in your own organization is bad enough, but a breach at a third-party vendor or contractor that is tightly connected to your organization can be even more frustrating. The key to minimizing the chaos is to work closely with your vendors, contractors, and service providers so that you'll be able to respond quickly when a compromise happens.

Link: http://www.darkreading.com/security/antivirus/232301397/tech-insight-what-to-do-when-your-business-partner-is-breached.html

CATTLES' LOST BACKUP TAPES HIGHLIGHT RISK OF UNENCRYPTED DATA STORAGE

The Cattles Group, which specialises in personal loans and debt recovery, admitted losing two backup tapes containing information about 1.4 million customers. Although the loss took place at the end of November, the company has only recently written to customers informing them of the breach. It has also informed the Information Commissioner's Office and the Financial Services Authority.

Link: http://searchsecurity.techtarget.co.uk/news/2240113549/Cattles-lost-backup-tapes-highlight-risk-of-unencrypted-data-storage

CANADA: FORCE FIRMS TO DISCLOSE DATA BREACHES, REPORT URGES

Bill C-12, which went through first reading in the House of Commons three months ago, would change the Personal Information Protection and Electronic Documents Act (PIPEDA) to require Canadian companies to report incidents involving the theft or loss of personal information. Currently PIPEDA does not require disclosure of data breaches and Alberta is the only province to have mandated such a requirement.

Link: http://business.financialpost.com/2012/01/10/force-firms-to-disclose-data-breaches-report-urges-2/

2012 PONEMON REPORT ON TRENDS IN SECURITY OF DATA RECOVERY

DriveSavers Data Recovery, the worldwide leader in data recovery services, announced today that the Ponemon Institute, a privacy and information management research firm, identifies in its second annual study, Trends in Security of Data Recovery Operations, new potential threats to the security of confidential and sensitive data when it is outsourced to third-party data recovery vendors.

Link: http://www.darkreading.com/insider-threat/167801100/security/news/232400100/2012-ponemon-report-on-trends-in-security-of-data-recovery.html

HIPAA PRIVACY AND SECURITY IS AN ONGOING TASK

Many clinicians who have now completed their 2011 EHR Incentive Program attestation may now, feeling a sigh of relief, believe that keeping track of privacy and security is done - that it was a one-time effort needed in order to comply with one of the core Meaningful Use requirements.

Link: http://www.practicefusion.com/ehrbloggers/2012/01/hipaa-privacy-and-security-is-an-ongoing-task.html

US ORGS NEED TO RE-EVALUATE DATA PROTECTION IN ANTICIPATION OF EU

With the European Commission poised to announce sweeping data protection legislation, it's imperative that U.S.-based organizations take a closer look at putting reliable, robust systems in place for protecting data. It would be wise for U.S. organizations to commit resources now to protecting data in anticipation of the new EU laws that will soon be unveiled, even if they are not doing business abroad.

Link: http://www.gsnmagazine.com/node/25420?c=cyber_security

RARE LEGAL FIGHT TAKES ON CREDIT CARD COMPANIES SECURITY STANDARDS AND FINES

A small celebrity-friendly restaurant in Utah is finally doing what many merchants have only dreamed of doing for a long time - taking on a part of the payment card industry's powerful but flawed system for securing card data by fining merchants for failing to secure their data.

Link: http://www.wired.com/threatlevel/2012/01/pci-lawsuit/

 

HACK ATTACKS NOW LEADING CAUSE OF DATA BREACHES

The majority of data breaches stem from hack attacks, followed by data that's lost while physically in transit. That's according to a forthcoming study from the Identity Theft Resource Center (ITRC), which assessed all known information relating to the 419 breaches that were publicly disclosed in the United States in 2011. A copy of the report was provided to InformationWeek in advance of its release.

Link: http://www.informationweek.com/news/security/attacks/232400252

Migrating Your Fortis Software for Records Management Part 2

  
  
  
  
  

Earlier this week we covered part one of migrating Fortis SE to a new server.  Now we are getting to the nitty gritty.  We're moving images and databases here.

 

Attach or install the Fortis databases if you have moved or reinstalled your Database Server.

                Fortis SE or Fortis Embedded:

                Open the dbs.ini from the old server and note the DBdir= value in [DBSetup] section.

                Navigate to this directory on the old Database Server.

                Note: In order to copy the data files, the databases must not be in use by SQL Server at the time. Consult with a SQL Server administrator to facilitate this.

 

                Copy the .mdf and .ldf files corresponding to the names of the databases used in Fortis and move them to the directory noted in the DBdir= value of the dbs.ini on the new Database Server.

                Again, in the dbs.ini of the old server, note that each database has a section denoted by its name in square brackets, e.g.: [Records]. Within each section there will be an equal pair of values, LogFilePath= and FullTextInfo=. This directory is typically known as the Related files directory. Copy these directories to an equivalent location on the new server.

                Log into the Database Administration Station, hit “Open DB,” and click the “Install..” button.

                Type in or choose the name of the database. In most cases, this will consist of the “dbname” portion of dbname.mdf.

                For the related database files directory, give the new location of the corresponding Related files directory.

                Hit “OK” and your database will be installed.

                Note: There are circumstances which may prevent the Install Database function from recognizing the files in the new DBdir= directory. If this is the case, refer to the reference section “Attaching Fortis databases to a new SQL Server”. After attaching the database, run the Install Database command once more. The attached database will now appear in the drop-down list.

                In the dbs.ini of the old server, note that each database has a section denoted by its name in square brackets, e.g.: [Records]. Within each section there will be an equal pair of values, LogFilePath= and FullTextInfo=. This directory is typically known as the Related files directory. Copy these directories to an equivalent location on the new server.

                Copy the dbs.ini file from the old SYDATA directory to the new one.

                Edit all references to the old server in the new dbs.ini file to reflect the server change. These values typically are multiple instances of SERVER=, FullTextInfo=, and LogFilePath=.

                After editing the dbs.ini file, the Fortis workstations will now show the moved databases.

                Correct the image archive locations in the database if they are to be moved.

                Copy your image archive directories to the new server.

                Log into the Database Administration Station and open the database.

                Change the archiving location for all future documents.

                In the Document Explorer window, right-click and get the properties of the root folder of the database.

                Under the Archive tab, update the archive path to reflect the new location of the image archive. Hit “OK” to exit the folder properties window.

                These steps must be repeated for any folder in the database that has an archive location set in its Archive tab. When an archiving location is blank in a folder’s properties, it will inherit the location from its parent folder.

                Update the archive path for all existing documents.

                In the Database Administration Station, choose Tools>Update Archive Path. For instructions on how to use this tool, consult the documentation.

                To confirm that the command has worked, open the Update Archive Path tool once more and check that any paths pointing to the old server are gone. In some configurations an old path may still appear on the list even though the tool has already been run on that path. Simply repeat the steps above until the old path no longer appears in the original archive list.

                Set up your backup solution for the new server.

                Deploy the remaining workstations, using the Fortis Installation Guide as a reference.
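A check for the dbs.ini edit described in the steps above, as an added example that is not part of the original article or of Fortis itself: it lists every setting that still names the old server, with its line number, and every section whose LogFilePath= and FullTextInfo= values no longer agree. The section and key names come from the article; the sample file contents, the host names OLDSRV and NEWSRV and the function names are assumptions made up for the illustration.

```python
import re

# Constructed sample of a migrated dbs.ini. Section and key names follow the
# article; OLDSRV, NEWSRV and every path are made-up values.
SAMPLE_DBS_INI = r"""
[Records]
SERVER=NEWSRV
LogFilePath=\\NEWSRV\Fortis\Related\Records
FullTextInfo=\\NEWSRV\Fortis\Related\Records

[Invoices]
SERVER=NEWSRV
LogFilePath=\\NEWSRV\Fortis\Related\Invoices
FullTextInfo=\\OLDSRV\Fortis\Related\Invoices

[HR]
SERVER=oldsrv
LogFilePath=\\OLDSRV2\Fortis\Related\HR
FullTextInfo=\\OLDSRV2\Fortis\Related\HR
"""


def parse_settings(ini_text):
    """Yield (line_no, section, key, value) for each key=value line."""
    section = ""
    for line_no, raw in enumerate(ini_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
        elif "=" in line:
            key, _, value = line.partition("=")
            yield line_no, section, key.strip(), value.strip()


def find_stale_references(ini_text, old_server):
    """Settings whose value still names old_server as a whole host name."""
    # Whole-token match: OLDSRV must not flag a different host called OLDSRV2.
    host = re.compile(r"(?<![\w-])" + re.escape(old_server) + r"(?![\w-])", re.I)
    return [s for s in parse_settings(ini_text) if host.search(s[3])]


def find_mismatched_pairs(ini_text):
    """Sections where LogFilePath= and FullTextInfo= no longer agree."""
    paths = {}
    for _, section, key, value in parse_settings(ini_text):
        if key.lower() in ("logfilepath", "fulltextinfo"):
            paths.setdefault(section, {})[key.lower()] = value.lower().rstrip("\\")
    return sorted(sec for sec, p in paths.items()
                  if p.get("logfilepath") != p.get("fulltextinfo"))


if __name__ == "__main__":
    for line_no, section, key, value in find_stale_references(SAMPLE_DBS_INI, "OLDSRV"):
        print(f"line {line_no} [{section}] {key}={value}  <- still names OLDSRV")
    for section in find_mismatched_pairs(SAMPLE_DBS_INI):
        print(f"[{section}] LogFilePath and FullTextInfo differ")
```

Settings that use a local drive path rather than a server name will not be caught by the host-name scan, so review those by hand.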

 

See, that isn't too bad.  No it is.  Call me and I'll do it for you if you'd like. 

Scott Hambrick  

Let me know if you'd like a quick update on the state of the art in electronic document management.  Click below for a 15 minute briefing.


Migrating Your Fortis Records Management Applications

  
  
  
  
  

How to migrate your Fortis software to a new machine!

We've been selling and supporting Fortis records management applications and document management software for about 4 years. Our earliest customers are migrating to new hardware like crazy now and we are getting a lot of requests for help in migration.

If you are planning on a move to Windows 7 64 bit and/or Windows Server 2008 any time soon, you'll need this article.

I'll try to keep it simple.  

  1. Perform a new Fortis installation on the new server using the instructions provided in the Fortis Installation Guide.
  2. Apply any applicable service packs to Fortis.
  3. Perform a workstation setup on one machine to facilitate the rest of the migration.
  4. Before transferring any files whatsoever, make a complete backup copy of both the Fortis and FortisDT directories.
  5. Transfer users from the previous installation.  (Note: Immediately after an installation, the default password for the SYSADM user is “westtech#1”.)
  6. Log into the System Administration Station and change the SYSADM password to match that which you have in your old installation.
  7. Exit Fortis and copy the following files and directories from the SYSDATA directory of the old server to the same directory on the new server: users.dat, inbaskets.dat, ldap.ini, the OBJECT directory
  8. Correct the location of the In Baskets, if they are to be moved. It is recommended that all In Baskets be cleared of any files as this will make the process simpler.
  9. Log into the System Administration station and open the In Baskets window.
  10. Click on the “Def. Path” grey button or choose “Default In Basket Path” from the menu. Adjust this path to reflect the new default location for In Baskets. Note: When adjusting the Default In Basket Path, any In Basket that was previously set to use the default location will automatically switch to the location it had been using before the Default Path was changed. “Use default location” will become deselected.
  11. Open each individual In Basket and check “Use default location” for any In Basket that had previously been using the default location on the old server. This will create a new folder in the new default location on the new server.
  12. Copy any files that were present in In Baskets on the old server to the corresponding In Basket folder on the new server.
That's all I can stand writing today.  Steps 1-12 will get your users, security permissions, preferences, inbaskets and more moved into your new installation.  The second part will move the database and the images.  I'll get that one out later this week.
If you need some help with your migration or if you'd like a webinar introduction to electronic document imaging, follow the link below.
Thanks,
Scott Hambrick

Records imaging and Information Management News January 6, 2012

  
  
  
  
  

IN THE NEWS


A HANDFUL OF 2012 PRIVACY AND SECURITY PREDICTIONS


Even though 2011 was an extremely active year on the information security and privacy fronts - with a blizzard of proposed legislation, near weekly front page data breaches and the continued full leap into the cloud with its securities issues - I predict that 2012 events across the privacy and data security landscape will make 2011 look like a walk in the park.  A handful of thoughts on what 2012 may hold:

Link: http://www.infolawgroup.com/2012/01/articles/information-security/a-handful-of-2012-privacy-security-predictions/

THE $100 BILLION PROBLEM NO ONE IS TALKING ABOUT

When we start to talk losses in hundreds of billions of dollars, it's easy for our eyes to glaze over. It's a big number. Hundreds of billions is reserved for things like out-of-control healthcare costs.

Link: http://www.forbes.com/sites/ciocentral/2012/01/02/the-100-billion-problem-no-one-is-talking-about/

DATA BREACH NOTIFICATION COULD BENEFIT FROM FEDERAL ACTION

There is growing consensus that federal legislation is needed to address the 47 different state approaches to data breach notification, but passage of a comprehensive federal bill is less than certain, experts say.

Link: http://www.businessinsurance.com/article/20120101/NEWS07/301019997?tags=|299|303|335

UNHEALTHY: 2011 SAW SURGE IN HIPAA COMPLIANCE ISSUES

It's one of the less pleasant healthcare trends of 2011: information is becoming less secure while enforcement is growing more stringent.

Link: http://www.forbes.com/sites/ciocentral/2012/01/02/unhealthy-2011-saw-surge-in-hippa-compliance-issues/

3 STEPS TO PROTECT YOUR COMPANY AGAINST DATA BREACHES

Data breaches are like lightning; they will strike, but you never know where. Some breaches result from negligence, inadvertent disclosure, but many are due to malicious activity.  Thus the industry conversation has moved beyond "if" to the questions of "when," and "what is the impact?"

Link: http://www.forbes.com/sites/ciocentral/2012/01/02/3-steps-to-protecting-your-company-against-data-breaches/

ANAHEIM OFFICIAL ORDERS EMPLOYEES TO PURGE RECORDS

An Anaheim official sent an email this week to employees in the city's Planning Department ordering them to purge records deemed "old" or "unnecessary" and threatening "disciplinary action" if they did not do so.

Link: http://voiceofoc.org/oc_north/article_5c25d0c8-337e-11e1-a777-001871e3ce6c.html

STUDY: MEDICAL IDENTITY THEFT RISING SHARPLY

An overwhelming majority of healthcare providers-96 percent-admit that they have lost patients' medical data in the last two years, according to a newly released study. And the number of medical data breaches surged 32 percent in 2011, a worrisome trend as the healthcare industry pushes to digitize all medical records.

Link: http://www.credit.com/blog/2011/12/study-medical-identity-theft-rising-sharply/

TOP TEN CYBERSECURITY STORIES OF 2011

The year 2011 proved to be a busy one on the cybersecurity front, with significant attention being paid to attacks, breaches and general security issues.

Link: http://cybersecurityreport.nextgov.com/2011/12/top_ten_cybersecurity_stories_of_2011.php?oref=latest_posts

TOP 5 COMPLIANCE ISSUES INSURANCE COMPANIES WILL FACE IN 2012

Regulatory scrutiny of the insurance industry has never been more acute. Government regulators from a host of disparate disciplines are intensely focused on making sure we have the controls in place to avoid another financial meltdown.

Link: http://www.corporatecomplianceinsights.com/top-5-compliance-issues-insurance-companies-will-face-in-2012/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+CorporateComplianceInsights+%28Corporate+Compliance+Insights%29&utm_content=Google+Reader

CORPORATE RESPONSIBILITY AROUND DATA BREACHES IS CHANGING

Editor's Note: Peter Guffin will be presenting at the upcoming Privacy Plus Certification Workshop in Miami on January 24-25.

Companies that were victimized by data security breaches in the past were largely able to avoid liability. But that may be changing as a host of laws has been introduced in Congress to establish comprehensive federal data security laws.

Link: http://www.mainebiz.biz/apps/pbcs.dll/article?AID=/20111226/CURRENTEDITION/312229990/0/CURRENTEDITIONDATES

FIVE QUESTIONS TO ASK ABOUT DATA CENTER OPTIMIZATION

In a down market, many organizations look to reduce costs. One tried and true method in cost reduction is to review existing IT operational procedures in order to determine where adding efficiencies may reduce operational budget requirements.

Link: http://blogs.computerworld.com/19490/five_questions_to_ask_about_datacenter_optimization

2012 RESOLUTION: FULL DISK ENCRYPTION ON ALL COMPUTERS

Privacy rights advocates at the Electronic Frontier Foundation (EFF) are urging computer users to adopt just one resolution in 2012:  Commit to full disk encryption on every computer you own.

Link: http://www.zdnet.com/blog/security/2012-resolution-full-disk-encryption-on-all-computers/9876

ENTERPRISES NEED ENCRYPTION TO SECURE PRIVATE DATA

Concerns about data breaches and privacy violations would spur enterprises to adopt encryption and use it effectively, according to security experts.

Link: http://www.eweek.com/c/a/Security/Enterprises-Need-Encryption-to-Secure-Private-Data-151281/

THE DATA PROTECTION GAFFES OF 2011

A number of high profile organisations fell victim to sophisticated, targeted security attacks in 2011, proving that there are indeed bad guys out there trying their best to steal valuable information.

Link: http://www.information-age.com/channels/information-management/perspectives-and-trends/1682293/the-data-protection-gaffes-of-2011.thtml

PUT SECURITY BEFORE COMPLIANCE

If your business is covered by one of the many federal regulations mandating data security, you undoubtedly spend a significant amount of time ensuring that your company is in compliance. But all too many organizations are so focused on achieving compliance that they lose sight of the real goal-protecting the data.

Link: http://www.pcworld.com/article/247274/put_security_before_compliance.html

THE IMPORTANCE OF DATA CLASSIFICATION

Every piece of data is not created equal, and demands for data protection and storage capacity have been increasing exponentially. Many organizations, however, are not reacting fast enough to meet these demands.

Link: http://www.govinfosecurity.com/blogs.php?postID=1158

A LOOK AHEAD AT HEALTHCARE LAW, PRIVACY AND SECURITY

Industry experts representing healthcare law, privacy, security, regulatory and data breach were asked to forecast healthcare data trends for 2012. The overall forecast? Protecting patients' protected health information (PHI) should be viewed as a patient safety issue.

Link: http://www.net-security.org/secworld.php?id=12168

NAID ANNOUNCES RECENT CSDS DESIGNEES

More than 100 individuals have now earned the Certified Secure Destruction Specialist (CSDS) designation following the results of the most recent examination, according to the National Association for Information Destruction (NAID). The Phoenix-based association developed the CSDS program for secure destruction professionals to demonstrate their competencies in data protection legislation, secure destruction operations, physical security, records management, risk management, ethics and NAID certification.

Link: http://www.sdbmagazine.com/Article.aspx?article_id=123839

WHY INFORMATION GOVERNANCE MATTERS

(White paper download)

The chief executive officer of a large organization with multiple divisions and tens of thousands of employees across the United States is interested in minimizing the risk of lost records, reducing costs, and enhancing the ability of the organization's employees and customers to use the information and knowledge collected by the organization. The CEO asks each operating unit of the organization to update and enhance its records management policies and practices.

Link: http://www.martindale.com/legal-management/article_Mayer-Brown-LLP_1402404.htm

HOW TO SUCCEED WITH ELECTRONIC MEDICAL RECORDS

What separates those who realize the benefits of an EMR from those who don't? What are the critical success factors that can help ensure a practice's switch to EMRs is truly transformational?

Link: http://blog.softwareadvice.com/articles/medical/how-to-succeed-with-electronic-medical-records-8-tips-from-real-users-1010512/

STORAGE MANAGEMENT: 10 FACTORS THAT WILL IMPACT IT PROS IN 2012

A number of IT companies survey their customers and potential customers regularly to keep a handle on important new business requirements and trends, so they can update their products accordingly. Storage and information management software provider CommVault has released the results of its annual IT Spending Predictions Survey, detailing the storage purchasing plans, priorities and pressing issues facing IT organizations in 2012. One of the key points made in the survey is that IT storage pros will be walking a tightrope as they try to balance the need to drive projects to fruition while managing and protecting increasingly massive amounts of data.

Link: http://www.eweek.com/c/a/Data-Storage/Storage-Management-10-Business-Factors-That-Will-Impact-IT-Pros-in-2012-181588/

 

Records imaging and Information Management News January 3, 2012

  
  
  
  
  

IN THE RECORDS STORAGE NEWS

EU: NEW DATA PROTECTION LAWS COULD CAUSE PAIN FOR BUSINESS

THE NEW YEAR is expected to bring sweeping reform to the European Commission's pan-European data protection legislation and has been heralded as the first significant update of data protection since 1995.

Link: http://www.accountancyage.com/aa/opinion/2134656/protection-laws-cause-pain-businesses

BIG DATA, BIG ATTRACTION FOR ORGANIZED CRIME

As we wax on about the wonders of big data, Goodman reminds us "the more data you produce, the more criminals are happy to receive what you produce."

Link: http://www.readwriteweb.com/cloud/2011/12/big-data-big-attraction-for-or.php

THE SIX WORST DATA BREACHES 2011

If you're looking for the biggest breaches of the year in terms of numbers affected, you can find them over on DataLossDB.org or in others' reviews. Certainly there were some really big breaches this year, but those were not necessarily the worst, in my opinion. So here's my short list of the year's worst breaches involving personally identifiable information. In chronological order:

Link: http://www.databreaches.net/?p=22406

BACKUP TAPES AND ARCHIVES BURSTING AT THE SEAMS?

Just like Marilyn Monroe stopped traffic in her white dress in The Seven Year Itch, enterprises are being stopped dead in their tracks by the data explosion, lack of information governance policies and overstuffed IT infrastructures.

Link: http://bit.ly/unWQkk

THE YEAR IN BIG DATA AND DATA SCIENCE

Big data and data science have both been with us for a while. According to McKinsey & Company's May 2011 report on big data, back in 2009 "nearly all sectors in the U.S. economy had at least an average of 200 terabytes of stored data ... per company with more than 1,000 employees."

Link: http://radar.oreilly.com/2011/12/big-data-data-science-2011.html

ENTERPRISES NEED PROPER COMPUTER DISPOSAL POLICIES TO PROTECT SENSITIVE DATA

A new computer, mobile device or other IT equipment generally requires some effort setting up and migrating data. Enterprises also need to spend the time making sure the data is completely removed from the equipment as it is replaced.

Link: http://www.eweek.com/c/a/Security/Enterprises-Need-Proper-Computer-Disposal-Policies-to-Protect-Sensitive-Data-191175/

DIFFERENT DEGREES OF BREACH RESPONSE

A federal appeals court recently ruled in favor of victims of the 2007 Hannaford data breach. According to this ruling, some victims of the payment card breach at Hannaford, a supermarket chain, can sue for damages resulting from the costs of card replacement, theft insurance and other "reasonable" mitigation efforts. This decision partially overturns a district court ruling that dismissed 26 individual lawsuits against Hannaford, a northeastern U.S. grocery chain.

Link: http://www.govinfosecurity.com/articles.php?art_id=4360

 ANONYMOUS HACK ON STRATFOR COMPROMISED 50K CREDIT CARD NUMBERS

The Christmas Day hack attack on the website of think tank Strategic Forecasting Inc. (Stratfor) may have affected some 50,000 people and compromised some 50,277 credit card numbers, a data protection firm said.

Link: http://www.gmanetwork.com/news/story/242934/scitech/technology/anonymous-attack-on-stratfor-compromised-50k-credit-card-numbers

DATA DILEMMA

When it comes to storage infrastructure, few topics have been more talked about in 2011 than the phenomenon of 'Big Data' -- the exponential growth of data -- largely off the back of the huge transactional systems which underpin global commerce -- which must be stored, backed up and archived.

Link: http://news.idg.no/cw/art.cfm?id=729C1D73-CEA7-33E5-8AE059DA7DEC783D

2012 INDUSTRY TRENDS, PERSPECTIVES AND COMMENTARY

Addressing storage woes at the source: Time to start treating the source of data management and protection including backup challenges instead of or in addition to addressing downstream target destination topics.

Link: http://www.sys-con.com/node/2112680

FINDING THE CLEANUP CREW AFTER A MESSY HACK ATTACK

In the messy world of computer security breaches, Kevin Mandia is something like the Wolf. Mr. Mandia has spent his entire career cleaning up problems much like the recent breach at Stratfor, the security group based in Austin, Tex., that was hacked over the Christmas weekend.

Link: http://www.nytimes.com/2011/12/30/technology/hacker-attacks-like-stratfors-require-fast-response.html?_r=1

AMID WIDESPREAD DATA BREACHES IN CHINA, E-COMMERCE COMPANIES REASSURE USERS

This week has been absolutely filled with hacking news from China as CSDN, Tianya, Netease, and 360Buy were among the major internet entities which we learned have fallen victim to data breaches. And there were more reports swirling last night that two of China's e-commerce giants had experienced data leaks as well.

Link: http://www.penn-olson.com/2011/12/30/alipay-hack/

 
