Here’s a fascinating story about a court case involving data retention you need to read. And pass it along to your management as well. It talks about how businesses aren’t doing what they need to be doing with regard to data retention and how decisions are being made for us by the courts.
Interestingly most businesses I come across (large and small) don’t have any semblance of a data retention policy in place – much less do it well. Or they have their in-house legal counsel in charge of it often resulting in nothing more than a piece of paper saying what’s supposedly being done (but usually isn’t) and management signing off on it under the assumption that all is well in IT-land. It’s the same issue I talk about in this recent article I wrote for SearchCompliance.com:
Why it may not be ideal for your lawyer to be your compliance officer
Maybe it’s time for business managers to stop hiding behind their “talk” and start doing something about this stuff before something negative comes of it…We’re often presented with the opportunity to make decisions. If we choose not to, they’re going to be made for us.
“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability /penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.
His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”