data destruction

File archiving may be better than deleting

Mon, 23 Apr 2007 20:01:39 -0400

We've talked a bit about data destruction. Obviously if you are going to delete data, you had better delete it with compliant methods. But the decision to delete is getting a bit more cloudy. Sarbanes-Oxley, HIPAA and other laws were fairly clear on the types of data to be stored. The compliance wildcard is the recent set of changes to the Federal Rules For Civil Procedure. That has raised the bar significantly by basically requiring storage of data that may be required in a future court proceeding. So some would argue that the safest approach is to err on the side of saving. That raises the issue of how. This requires some thought. It always makes sense to automate but that might require some customer software or at least some reprogramming. There are all sorts of hard drive options. Physical storage is also an issue. You certainly don't want drives laying around the basement floor.

For more:
- here's an article from ComputerWeekly

Don't overlook data destruction issues

Mon, 16 Apr 2007 20:01:39 -0400

Many people assume that Section 302 control requirements cover not only data storage but also data destruction. So as you retire old servers and other IT assets, you have to start worrying about how to securely destroy all the data. The last thing you want is for stray information to end up in the wrong hands--or in the news. Chances are you haven't thought much about this. Clearly, an ad hoc policy is dangerous in this era, so you may want to put together a firm policy. Most people say that true data destruction goes beyond hard-drive wiping. Some prefer to wipe hard drives and then deliver them to a third-party and actually witness the pulverization. Some firms will allow customers to watch the destruction remotely over various links. Some rely on "storm cases" to house the drives in transit. All this is worth thinking about--and it could be fun for the IT team.

For more:
- read this InfoWorld article

ALSO NOTED: Are you ready for e-proxies?; Firm launches new secure data destruction tool;

Mon, 09 Apr 2007 20:01:38 -0400

> Citigroup has decided to streamline its compliance operations. The bank was forced to really staff up due to some regulatory issues but now wants to rationalize it all. Makes a lot of sense. Article

> Are you ready for e-proxies? It will allow companies to save a lot during proxy season. New rules take effect July 1. Article

> Even Michael Oxley is unhappy with his law. He blames the PCAOB. Article

> Interesting compensation tidbits from proxies. Article

> SEC names Richard Sennett new chief accountant. Article

> Columnist says Chris Cox shares blame for exodus of listing with Sarbanes and Oxley. Column

> Firm launches new secure data destruction tool. Release

> Are more Fair Funds distributions in the offing? The SEC is going after Tenet Healthcare. It wants funds placed into a Fair Fund for distribution to harmed investors in accordance with Sarbanes-Oxley. Article

And finally... A funny Sarbox-related April Fool's day joke at Sun Microsystems.