Who will be the 'Enron' of Information Privacy?

In 2002, ESG unveiled our research on "Regulatory Compliance and Its Impact on IT." This study culminated 18 months of meetings with regulatory agencies, IT professionals, and corporate attorneys. At the center of the study were record retention regulations and the transition from storing traditional corporate records on paper to storing them on electronic media. There were several catalysts for this transition: corporate scandals (Enron, Arthur Andersen, MCI Worldcom, Global Crossing, Qwest), more business being conducted electronically (e-mailing your stock broker), and general business efficiency (Electronic Medical Record Program).

Two weeks ago, Enron leaders (I use that term very loosely) Mr. Lay and Mr. Skilling were found guilty on a host of fraud and malfeasance counts. Sentencing, ironically, is scheduled for September 11, 2006. September 11 also set into motion a series of events, most notably the Patriot Act, that impacted digital information management.

However, as Mr. Lay and Mr. Skilling await their fate, I believe that the IT world may get a breather from the record retention mayhem that plagues their budgets. Unfortunately, there are other events gaining attention in the press that I believe will create a shift in IT spend. Recently, 26+ million United States military veterans found out that their personal information was experiencing some freedom of its own after a laptop containing it was stolen. There are several other examples to go along with this one: Fidelity lost control over HP pension fund participants' personal information, and Bank of America lost backup tapes that contained credit card information of several U.S. Senators.

Ironically, just before the recent U.S. Veterans fiasco, ESG published a research report, "Protecting Confidential Data." It outlines some of the measures, or lack thereof, that organizations are using to secure the personal information of their customers and employees. I cannot help but think back to the research we did in 2002 and the frame of mind it created for the entire ESG team. We were trying to identify the one event that really spurred IT spending for record retention. Enron was the perfect storm because the U.S. Congress drew up Sarbanes-Oxley faster than the Houston Astros contract team can assemble terms for Roger Clemens every year in late May. Arthur Andersen literally tried to shred its association with Enron, but it could not pay interns and Xerox employees fast enough to create piles of confetti. And electronic discovery of business records, especially e-mail between Enron executives, auditors, and bankers, was a critical component of the conviction of Mr. Lay and Mr. Skilling.

As a result of Enron, we now have record retention regulations and corporate governance rules, and attorneys are looking in e-mails to find "smoking guns." In some cases, IT benefited. All of a sudden, budgets were made available to buy e-mail archiving software, financial reporting applications were upgraded, and other compliance-related projects were funded easily. The downside for IT was that it became an integral part of financial audits, electronic discoveries, and business process projects.

As I re-read our research on confidential data, I am trying really hard to decipher whether the loss of U.S. Veterans' information will be the Enron of the information privacy era. If it is, IT can expect a cycle very similar to that of the Enron era. Funding will be easy to find for information security software and related systems. More than likely, every piece of sensitive data -- from social security numbers to employees' addresses -- will be encrypted. Unfortunately, IT will also find itself designing several business processes to prevent any unauthorized access to confidential data. This means regular meetings with business leaders whose departments' applications create and store this form of information.

The way I see it, the verdict handed out in the Enron trial closes a chapter in IT dominated by compliance-related purchases to support electronic record retention regulations. A new chapter, one where information privacy will be top of mind and make headline news, will impact IT departments for the next 3-4 years.

What People Are Saying

I could get into a lot of specifics here, but chose to post my response here instead

http://www.computerworld.com/blogs/node/2741

Larry

Larry Medina, Danville, CA

Records and Information Management Professional

I'm sort of hoping we will see a silver lining out this vanishing laptop plague. One of the biggest reasons Identity Theft is such a problem is because the credit issuers consider a small bundle of easily obtained information to be proof positive of a person's identity. Maybe the credit issuers will finally start to realize that way too much of this information is compromised to trust it alone.

What I'd like to see is the credit issuers refusing to grant credit without an in-person application at a trusted facility, most likely a bank. Instead of mailing in the credit app, or applying online, you have to physically show up at the bank and present your application. A digital photograph is taken and becomes part of the application package. Even if a bad guy manages to forge credentials using someone else's ID information, he still has to present his face to the camera. This alone would greatly increase the bad guy's risk factor, and significantly reduce the potential for gain.

I suppose some of the more extreme privacy advocates may take issue with the photograph. Given all the other personal information that is already in a credit application, this doesn't seem like much more to add.

The incidents cited in the article illustrate a lack of information assurance processes, more than problems with record retention. The VA, Bank of America, and many other information security incidents occurred because these organizations did not have an adequate information assurance process in place to manage the confidentiality, integrity and availability of electronic information. Enforcement of existing laws, such as GLBA and HIPAA, would be a good way to start if we want to ensure secure record retention. More importantly, it would help ensure the security of confidential personal information.

Anyone considering this as a new requirement must be very new to the IT field. Record retention requirements have existed for a very long time and they should not come as a surprise requirement / activity...planning is supposedly something we in the IT field are familiar with...planning always included record retention periods...yep, you must be new to the IT world...