Trustworthy Records

(22/09/2003)

A great deal has been written recently about a range of archival storage technologies, but very little is being said about how these technologies should be properly integrated into a long-term data storage strategy.

Many people consider archival storage as an issue confined purely to the IT department, but it reaches far beyond. Indeed, there are considerable legal and business implications to the retention of important corporate and governmental records. As a result, government agencies, industry regulators and corporations have recently introduced a flood of new regulations and guidelines controlling the storage and management of records. For example, financial institutions are now required to keep mortgage loan files for up to ten years after the loan has been repaid. Some medical records must be stored throughout the life of the patient and government institutions are now required to keep certain records for up to 50 years and some are even to be made permanent in the National Archives and Records Administration.

Regulations typically specify retention times and requires that records be authentic, unaltered, readily accessible, dated and in a readable format. Some regulations also mandate a duplicate copy of all originals to be saved in a different geographical location to protect the data from catastrophic site failure.

Businesses are expected to comply with these new laws and regulations, but this is no small task. Not only must they physically store the records, but many regulations demand that a full history or audit trail be maintained to clearly document where changes have been made. When called upon, they must also be able to map out a ‘corporate memory’ of activities and events that have been important to the history of the company (such as contracts, agreements, customer records, design specifications, emails), have affected past decisions and continue to influence the running of the organisation into the future. The over-riding requirement is that vital records satisfy the legal definition of authenticity and can be deemed accurate, reliable and trustworthy.

The introduction of these new rules have led to very costly penalties and, in some instances, have resulted in high visibility court cases that have seriously damaged corporate reputations. Five international brokerage houses were recently fined $8.25 million for inadequate email archive procedures and a major corporation was fined $1million for destroying court ordered records. These examples demonstrate just how disruptive and expensive the mismanagement or loss of vital records can be. How can companies ensure that the archiving of electronic records meets the requirements of their industry and keeps their company on the right side of the law?

The key to addressing these demands lies in the development of a proactive archive strategy. Archive storage is often overlooked until a crisis is looming, at which stage many IT Managers respond by adding more magnetic disk or by purchasing another tape drive. This approach will not meet the requirement for a long-term, trustworthy archive and puts the company at risk of prosecution if vital data can not be produced when required. An archive strategy consisting of hardware, software and process accountability should be planned carefully to make sure the information being saved is well within any legal or corporate guidelines.

The initial stage of the planning process is to identify exactly what needs to be done to ensure that records are authentic when stored and retrieved. It’s no good being able to store information if you can’t access it in 5-10 years when the organisation is called upon to deliver important historical information. Equally, it is no use to anyone if the records can be retrieved, but the integrity of these records can not clearly be established. Either of these failures can result in serious legal and business consequences.

One key element in establishing archival storage trustworthiness is to select the correct storage medium for the task at hand. Since there are dramatically different site requirements, no one storage technology will fit all archive environments. Optical, tape and even magnetic disk storage has a place in the archive equation. However, it is critical for companies to consider the demands of their business before listening to hardware vendors that may be trying to force-fit their technology into the archive space. The wrong choice could prove very costly indeed.

Article exclusively contributed to Security Park by Steve Tongish, Marketing Director (EMEA) of Plasmon Data Ltd

Related topics:  Security industry 

Print version | Email to a friend | Related articles

Data breaches: Trends, costs and best practices gives you all the latest information on securing personal and corporate data, key recommendations for immediate action to improve data security, and how to respond to data breaches.

Other Security news and resources