Best Practices for Information Retention and Maintenance

Leading global technology companies have announced the formation of the Compliance and Management of Electronic Information (CMEI) Working Group. As part of the Internet Law & Policy Forum (ILPF), the CMEI Working Group will work with both public and private sector representatives, as well as other industry groups, to create a global, cross-industry framework for managing electronic information for compliance.

Hitachi Data Systems, HP, Network Appliance, Open Text, Oracle, Plasmon, Sun Microsystems, and VERITAS Software Corporation will provide guidance on best practices for companies working to comply with information retention and maintenance regulations. Additionally, the group will offer counsel to legislators regarding technical and business challenges of regulatory compliance and facilitate information exchange between business, technology, and regulatory bodies.

AMR Research predicts that companies will spend $6.1 billion in 2005 just to comply with the Sarbanes-Oxley Act, which is in addition to the resources already committed to retention and maintenance requirements found in US federal, state, and international law. The rapid growth of regulation, combined with the ambiguity of many of the requirements, has made compliance not only difficult and expensive, but also in some cases impossible.

For example, a financial institution based in the US with offices in the UK is required to comply with both US data regulations and UK data laws. Under US law, companies must retain all records, including customer data, for seven years. In the UK, a company must immediately destroy all customer information when the customer terminates his relationship. No matter what the company does, it will violate one of these laws.

As a result of market conditions, legal concerns, and regulatory requirements, companies, technology vendors, and regulators are facing specific challenges, but there is common ground when it comes to compliance:

  • Regulators want to raise the levels of compliance as quickly as possible
  • Companies want to minimize the risk of non-compliance
  • Technology vendors want to provide solutions that help customers address regulatory requirements

“Global businesses and legislators are working diligently to make universal regulatory compliance a reality,” said David Yockelson, executive vice president, META Group. “Having this broad base of technology vendors working together to help facilitate discussions about compliance and provide advice around best practices is a valuable asset for stakeholders on all sides of the compliance issue.”

The CMEI Working Group will develop and publish best practices, checklists and summaries of legal and regulatory requirements to provide compliance guidance. Additionally, the group will hold a series of forums where technology vendors, regulated entities, government leaders, and policy experts can discuss the impact of law on end users and develop recommendations and guidelines that will facilitate compliance while allowing companies to continue effective business operations.

The ILPF is a non-profit organization that provides a neutral forum for challenges posed by the Internet on law, policy, technology and businesses worldwide. Beyond the CMEI, the organization hosts working groups focused on spam, self-regulation, security and policy, content liability, electronic authentication, and jurisdiction.

The CMEI site will host documentation on best practices for information retention and maintenance regulations, provide counsel and exchange information with various businesses, legislative bodies, and regulatory agencies in various workshops, and publish checklists and summaries of legal and regulatory requirements for interested companies. The working group's intention right now is to offer the downloadable items from its web site for free. For more information, please see