- Do you really know what you have? Is your taxonomy consistent across the enterprise, and is it the same inside and outside the firewall? Are all indices up to date and inventories current? Is the metadata consistently recorded so searches are productive?
- Do you regularly test for access to Electronically Stored Information (ESI), sampling the storage media for degradation and the files for corruption?
- Is ESI regularly migrated so that 1) file formats and operating systems remain current, and 2) there are compatible drivers to display and/or print aging files?
- Does each structured data system have an active administrator who knows how to produce data and maintains the passwords/encryption keys?
risks in the Cloud are explored in the previous post of PositivelyRIM. Cloud storage is so easy to set up (and company policy may not regulate it) that Cloud accounts can go up ad hoc, with little attention to potential security gaps.
- Consider social media: Are posts, blogs, tweets, comments, and other communiques records? Do they need to be captured? Technically, can they be captured and managed? Can they be secured? Can the records be removed and disposed of according to a retention schedule?
- Consider mobile apps: Do they collect and store records? Can those records be managed and disposed of at the right time? If the records can be disposed of, are they really scrubbed from the servers? Can Legal Counsel help write contract language for the mobile app host to enable management of mobile records?
- In an era of Bring Your Own Device, IT is well aware of the security risks. But do they understand which mobile-device records need to be captured, retained, and disposed of? The next Pirates of the Caribbean movie is entitled “Dead Men Tell No Tales”. Does IT realize that “Dead Records Tell No Tales”?
-- Know what you have, protect and manage it.
-- If you don’t know what you have, you can’t tell what is stolen.
-- Lost records are as useless as stolen records.