The latest on electronic records best practices; e-discovery & litigation support; email security & authenticity … plus shameful acts of data tampering.Power of Proof Newsletter - April 2008
In this Issue
Surety Introduces AbsoluteProof for Microsoft SharePoint
The Challenge: Data Protection. How Do You Ensure Your Information Stays Secure?
Customers Cite E-Discovery Best Practices
E-Mail is the Biggest Content Security Concern for Corporate America
E-Discovery Best Practices – The IT Perspective
Four Rules for Keeping Electronic Notorial Records
In Post-Enron Era, Email Governance Still a Challenge
IT Security and Record Management in Healthcare
Surety Introduces AbsoluteProof for Microsoft SharePoint
Surety, LLC announced the release of AbsoluteProof® for Microsoft SharePoint, a lightweight, automated software solution that Seals and authenticates records in Microsoft Windows® SharePoint Services and Microsoft Office SharePoint® Server. AbsoluteProof for Microsoft SharePoint provides third-party validation of the time, date and content integrity of an electronic record, enabling SharePoint users to prove the authenticity of their electronic records in order to legally defend their organization's intellectual property.
Learn more about AbsoluteProof for Microsoft SharePoint
The Challenge: Data Protection - How Do You Ensure Your Information Stays Secure?
Processor
A data center does not exist without data. This may be more obvious than “A rose is a rose is a rose”; nevertheless, it amplifies why data protection may be one of the greatest challenges IT faces.
Much of the challenge has to do with the nature of what data protection involves. It isn’t just data security or backup and recovery. It encompasses regulatory compliance, disaster recovery, and the ongoing accumulation of information, among other things. Where do you physically store it? How do you go about moving it or protecting it? From whom do you protect it, for that matter? And why do you even need it?
…
If data gets into the wrong hands, you risk it being vandalized. Tom Klaff, CEO of Surety, a content security solutions provider, says that any type of record that is kept in electronic form is a valuable strategic asset and can lead to financial and legal consequences if it isn’t properly authenticated.
“Imagine someone—intentionally or not—changing a chemical name in a scientist’s electronic lab notebook,” says Klaff. “That change alters the entire formula and negates the time and energy put into the potentially valuable invention. It’s not hard to imagine thousands of ways in which the simplest data alterations can lead to numerous headaches for an organization.”
Customers Cite E-Discovery Best Practices
Byte and Switch
Time and time again we’ve seen articles that discuss the vast number of companies that are not familiarizing themselves with e-discovery, whether it’s because they don’t understand the concept or because they find it too difficult to get their heads’ around. However this time we’re highlighting a piece that focuses on the opposite: companies that have in fact implemented e-discovery practices within their own environments. After all, it has been more than one year since the Federal Rules of Civil Procedure have been updated, and business leaders have a lot to say about what works and what doesn’t. Here are some of their words of advice:
Make email archiving a priority: Don’t wait until it’s too late to have a system in place.
Don't assume your e-discovery needs are static: Your level of litigation readiness won’t be sufficient forever.
Explore storage options: Don’t just stick to what you’re always done.
Be vertically aware: Understand the trends and requirements of your industry.
Read the article
E-Mail Is The Biggest Content Security Concern For Corporate America
ECM Connection
Do you catch yourself scratching your head wondering how to effectively keep your company’s emails safe and properly managed? If you’re like the majority of the working population, you probably are. According to a recent AIIM Market IQ survey on Content Security, email has become the biggest content security concern for businesses. According to the article, the three main roadblocks to implementing solutions include “…lack of understanding, complexity of solution and user resistance.”
However, that’s no reason to sit back and hope that nothing goes wrong. Instead, take advantage of AIIMs Email Management Certificate Program where you’ll learn the best practices of controlling corporate emails and the necessary steps of preserving them.
“The industry needs a better understanding of best practices for improving the control of corporate emails” says John Mancini, President of AIIM. “This is why we have invested in documenting best practices for email management amongst our 50,000 Associate and Professional members, and I am very impressed with the content of our new Email Management Certificate Program”.
E-Discovery Best Practices: The IT Perspective
Ferris Research
We all know that e-discovery is becoming a common courtroom topic thanks to the increased occurrence of emails, instant messages and word processing documents. However, we doubt IT departments would have imagined the large role that they now have to play in the process. Because electronically stored information (ESI) is becoming so complicated, IT departments are now expected to actively participate in the litigation process.
With that said, a recent report by Ferris Research discusses the problems with-discovery laws and the best practices that are attached to them. Included in the report are actions that IT departments should take in response to this. These topics include:
The established discovery process in federal courts Recent updates to American litigation procedures providing for e-discovery The biggest problems of e-discovery Best practices for e-discovery: recommendations on what organizations should do to address the challenges of e-discovery
Four Rules For Keeping Electronic Notarial Records
National Notary Association
The National Notary Association staff highlights four specific rules to follow when retaining both paper and electronic notarial records:
Whether it’s electronic or paper, always follow best practices and state laws. If used, an electronic journal must be protected against tampering and unauthorized access. When recordkeeping, Notaries should select one method and not alternate entries between a paper and electronic journal. State law should not force a Notary to use an electronic journal.
In Post-Enron Era, E-Mail Governance Still A Challenge
InformationWeek
Everyone knows that the world is beginning to go digital, however why are so many companies procrastinating the adoption of retention policies? With the volume of emails growing out of control in some places, for example, it’s critical that companies take the time to form an action plan detailing how to properly manage it all.
"The cost of compliance is rapidly rising, and ad-hoc efforts to address compliance haven't really succeeded," said Chris Bradley, marketing chief of MessageGate.
We find this interesting to know, considering the fact that compliance rules were put in place to help companies save themselves from future litigation headaches. So why not show some appreciation and establish a few ground rules now to prepare for battle?
We think Bradley sums our thoughts up well: "Rather than keep your head in the sand," concluded Bradley, "companies need to start applying policies and prepare for the inevitable."
IT Security and Record Management in Healthcare
The Healthcare IT Guy
Dr. Zachary Peterson, senior security analyst at Independent Security Evaluators, discusses benefits associated with electronic health records (EHRs), but also takes the time to recognize the trouble spots. Although EHRs can save time and improve quality of care, there are also risks involved . As Peterson points out, records can maliciously be tampered with, crating all sorts of trouble for both patients and healthcare providers.
Peterson's article highlights three areas electronic records must meet for compliance with the well known Health Insurance Portability and Accountability Act (HIPAA):
“Available means that all records must be accessible in real-time — accessing tape archives from a distant warehouse is unacceptable. This may require an organization to manage their own on-site storage system, and furthermore, retain a staff who knows how to manage it.
Private and confidential means data is accessed with fine-grain controls and that data are protected from unauthorized disclosure and use — both in transit between provides and at rest on an entity’s system. Most existing compliance systems achieve this by providing only a policy-based interface, but can make no guarantees should data become lost or stolen. Systems must provide privacy and confidentiality through encrypted storage and data transmission. By correctly using encryption, systems may meet both the explicit encryption requirement of the HIPAA Security Rule and the access control requirements of the HIPAA Privacy Rule. Further, encryption can be used to permanently delete data, for example, when a patient requests a redaction under the HIPAA Privacy Rule.
Lastly, systems must also employ authentication, meaning data are accurate and modifications are impossible to dispute. The HIPAA Security Rule requires a verification of the "accuracy" and "integrity" of electronic records. While encryption provides privacy from unauthorized intrusion and disclosure, it alone cannot guarantee the accuracy or integrity of the data. Without authentication, there is no way to verify that the result of a decryption is the same as original, unencrypted data. Authentication can also provide a way to bind an individual to their data modifications, making repudiation impossible.”