RSS Alerts

Related Links

  • Kroll Ontrack
  • Elsevier Ltd is not responsible for the content of external websites.

Related Stories

  • Cloud providers must provide security guarantees
    Cloud computing service providers have yet to address enterprise concerns around data security, according to CA and Symantec.
  • Infosecurity webinar predictions become reality
    Predictions made by Professor Peter Sommer, a leading IT forensics specialist, in a Check Point-sponsored Infosecurity webinar earlier this week, have become reality with the release of a report at a conference in Prague.
  • Government to toughen Data Protection Act
    New sanctions will be added to the UK’s Data Protection Act for serious breaches, the chancellor Alistair Darling told parliament on 17 December.
  • ICO asks UK to criminalise severe data breaches
    The UK information commissioner’s office (ICO) has asked the government to make serious breaches of the Data Protection Act a criminal offence, rather than attracting fines as at present.
  • Comment: Securing web 2.0 in the workplace
    Simon Morris, research and development director at Pentura looks at how the adoption of web 2.0 makes the job of keeping email and the web free from attacks, malware and spam even more difficult. Yet, simply closing access to unapproved tools can be short sighted as unhappy employees drift to rival businesses with more enlightened policies

News

Document retention policies lacking in companies says survey

23 October 2009

Research just released by Kroll Ontrack claims to show that UK and US companies are failing to get to grips with their electronic document and data retention policies.

And, the report authors said, the security and data integrity issue - which Kroll calls electronic stored information (ESI) management - is not getting any better.

The problem, Martin Carey, UK managing director with Kroll Ontrack, told Infosecurity, is that companies are simply not aware of their need to retail digital information and documents, especially when a court case involving evidence stars up.

"A sizeable number of companies store their paper records for the required period of time, but our research found that a large number of firms are unaware of their requirements for electronic documents," he said.

"When a legal case starts, there are clear rules, stemming from a change in the court rules in 2005, since when it has become a requirement for a company to keep its electronic documents for an extended period, whilst a court case is in progress," he added.

Kroll's research of 230 UK companies suggests that, whilst a strong majority of UK companies have a (paper) document retention policy, only 41% for firms have an ESI discovery readiness strategy.

This gap, says Kroll Ontrack, highlights a serious risk and a false sense of security that the existence of a document retention policy is adequate to protect organisations when litigation or other events requiring ESI strikes.

This, the third annual poll of its type by the computer forensics specialist, found that 14% of UK companies strongly agree their ESI discovery policy or strategy is repeatable and defensible.

However, only 39% of UK firms have a mechanism to preserve potentially relevant data when litigation or a regulatory investigation occurs.

Without an identified means to suspend the expulsion of potentially responsive data, Kroll Ontrack said that many companies are not positioned to execute proper preservation protocol or claim their ESI discovery readiness policy is effective.

"Policies are only effective when they are kept up-to-date to include the tools, devices and communications their organisations are utilising," said Carey.

"Sound planning does not stop with document retention and discovery readiness policies. In today's environment, data security risks must be taken into account and addressed in a company's document retention and ESI discovery readiness policies and strategies."

A copy of the report can be downloaded from Kroll's website...

 

 

 

This article is featured in:
Compliance and Policy Identity and Access Management

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Copyright © 2010
Elsevier Ltd. All rights reserved.
Terms & Conditions | Privacy | Website Design Working with water