Thursday, July 26, 2007

New privacy rules may complicate records management

Records retention has been heating up in storage lately as new laws and new tools hit the market, from the Federal Rules of Civil Procedure (FRCP) to a new crop of Software as a Service email storage and data archiving players. However, some experts think this may still be the calm before the storm when it comes to compliance requirements.

According to Brian Babineau, analyst with the Enterprise Strategy Group (ESG), his firm is currently focused on two bills that have been registered in the U.S. House of Representatives and are waiting for debate, known respectively as H.R. 4127 and H.R. 3997.

The two bills were originally introduced to the 109th Congress in an effort to federalize data breach laws already passed by several states, the most famous of which is California's SB 1386, which requires companies that suffer a data breach to notify all California-based customers that their data is at risk. Other states, including New York, have followed suit, but there is not yet a federal standard for security breaches.

Tagging along with these bills are additional provisions for individual data privacy that some in the industry believe could be a step toward the European Union's (EU) standards for data archiving. Currently, the closest regulation the U.S. has to an EU-style data archiving and privacy law is the Health Insurance Portability and Accountability Act (HIPAA), which dictates retention periods and privacy standards for healthcare organizations. That type of multidimensional data management could also be coming to other types of data archives if either of the two data security bills passes.

In particular, H.R. 4127, which is the most popular with consumer advocacy groups, gives consumers the right to see and dispute or correct the contents of data broker files annually. It's an issue that companies have already begun to wrangle with overseas, according to Dave Hunt, CEO of C2C Systems Ltd., a British company that makes email archiving software.

European laws require each end user to "opt in" to email archiving, and users can demand that certain items be deleted from company archives. According to Hunt, one customer of C2C's software in the U.K. recently had to completely shut down its data archiving scheme while it figured out how to securely delete messages from a balky end user.

"I believe that similar laws are coming to the U.S.," Hunt said, citing HIPAA as an example. "More and more American companies are going to have to worry about these things and many already are if they have a global business."

In response, C2C has shunned single instancing for messages in its archive. "Under these kinds of regulations, you might want to be able to delete messages from certain users' archives only, or delete them from end-user search, but not from the archive itself," Hunt said. With the newest version of its product announced this week, C2C has also added a laptop client that archives an individual user's Outlook mailbox while it's running in cache mode, allowing archived messages to be accessed online and allowing the user to keep track of what content has been archived on his behalf.
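To make the single-instancing tension concrete, here is an added Python sketch (constructed for this post, not C2C's code) that models the two deletion cases Hunt describes over a single-instanced store: a message can be hidden from one user's search, or removed from one user's archive, and the shared stored copy is purged only when no user still references it. That reference bookkeeping is exactly what a vendor sidesteps by keeping a separate copy per user instead of single instancing.

```python
"""Toy email archive showing per-user deletion semantics over a
single-instanced store. Constructed illustration, not product code."""
from __future__ import annotations
from dataclasses import dataclass, field
import hashlib


@dataclass
class Archived:
    body: bytes
    owners: set = field(default_factory=set)      # users whose archive holds this message
    searchable: set = field(default_factory=set)  # owners who can still find it via search


class Archive:
    def __init__(self) -> None:
        self.store: dict[str, Archived] = {}  # content hash -> single stored copy

    def ingest(self, user: str, body: bytes) -> str:
        # Single instancing: identical bodies share one record, tracked per user.
        mid = hashlib.sha256(body).hexdigest()
        rec = self.store.setdefault(mid, Archived(body))
        rec.owners.add(user)
        rec.searchable.add(user)
        return mid

    def hide_from_search(self, user: str, mid: str) -> None:
        # "Delete from end-user search, but not from the archive itself."
        self.store[mid].searchable.discard(user)

    def delete_for_user(self, user: str, mid: str) -> bool:
        # "Delete messages from certain users' archives only." The shared copy
        # is purged only when no other user still references it.
        rec = self.store[mid]
        rec.owners.discard(user)
        rec.searchable.discard(user)
        if not rec.owners:
            del self.store[mid]
            return True
        return False

    def search(self, user: str) -> list[str]:
        return sorted(m for m, r in self.store.items() if user in r.searchable)

    def retained(self, mid: str) -> bool:
        return mid in self.store
```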

--------------------------------------
Source: Search Storage News
By: Beth Pariseau