Thursday, June 19, 2003
WASHINGTON - The U.S. Federal Trade Commission (FTC) has settled a case with clothing and accessory vendor Guess, in which the agency accused the company of not taking appropriate measures to secure its Guess.com Web site. The judgment was all about the misleading claims the retailer made about the security it afforded its web site visitors. Guess said it took all reasonable measures to protect the information given to it by its on-line customers, but it did not, got hacked, then got caught! The company is now subject to several compliance orders imposed upon it by the FTC, including the requirement for its security measures to be independently audited on a regular basis. Other provisions in the FTC's order include the requirement for the company to retain documents relating to its compliance for a period of 5 years.
While this article relates to actions in the USA, we believe this kind of regulatory compliance is also appropriate here in the EU, and it would be hard for a company to defend itself from actions brought about by someone suffering from identity theft after using an e-commerce site. ®©
Related Links
The FTC's analysis of the ruling
FTC settles with Guess on Web vulnerabilities, an article by Grant Gross IDG News
USA - ID Theft
UK the DTI's take on ID - Theft
posted by Robert Campbell 9:49 PM
Recent legislation, in the USA at least, would indicate that the need to archive ALL messaging content for extended periods may have to become commonplace over the next few... well, NOW! For example, the NASD recently told all its members, and that means all US securities firms, that they must keep Instant Messaging logs for three years, i.e. treat them the same as email. The assured centralised policy enforcement issue also came up at the same time, which means companies cannot just rely upon the individual user to set the standards or to make decisions as to what gets archived. This is critical, as most IM systems don't allow for centralised control (they are seen as consumer/individual tools), and many of the email archiving solutions in the market today rely on the use of email-client plug-ins, e.g. KVS's KVault. This must be seen to be a serious flaw in their offerings.
Related links
email archiving
email as evidence, an article by Robert Campbell and Stephen Mason
Archive-it
News article in InfoWorld by Scarlet Pruitt, IDG News Service
posted by Robert Campbell 8:57 PM
The 2003 Global Security Survey from Deloitte Touche Tohmatsu, published earlier this week, includes the results from interviews with 80 senior IT executives of the 500 largest global institutions and an analysis based on their current practices. Over a third of those interviewed reported some form of security breach during the past year. The most interesting point for us was the fact that there were more reported external attacks than internal breaches. It is a widely held belief that most security breaches, often quoted as 90%+, come from within an organisation. Some interesting regional splits were uncovered too. EMEA seems to have "exposure and compliance to rules and laws" as top of their agenda while APAC sees "laws and regulations related to privacy compliance" as their main driving force. The report really does make interesting reading. ®©
Related Links
Download the report from DTT web site
posted by Robert Campbell 8:23 PM