Data Protection Solutions Best Practice - PowerPoint PPT Presentation

Provided by: wind847
Transcript and Presenter's Notes


1
Data Protection Solutions Best Practice
  • www.pivotstor.com

2
Why Do We Need It?
  • Am I Safe From
  • Government Regulations
  • Tax laws
  • Corporate Governance
  • Shareholders
  • Legal Issues?
  • Lawsuit
  • HR
  • Industry Business
  • All Companies Have to Comply with Regulations

3
Why Do We Need It?
  • Sarbanes-Oxley Act of 2002
  • RICA
  • KING II
  • Financial Services Markets Act 1970
  • Basel II Capital Accord
  • Enterprise Act of 2000
  • ISO 27001
  • Financial Modernisation Act 1999
  • Public Law Act 104-191 Part 164
  • Data Protection Act 1998
  • Freedom of Information Act 2000
  • Human Rights Act 1998
  • FRCP U.S Act of 2005
  • Etc.

4
What Do Companies Believe?
  • I have a backup, I don't need an archive
  • Backup is for DR
  • Cost of restoring for legal use is huge
  • Non-production systems built & paid for
  • Manual searching by people
  • Backup is not geared to find & restore individual
    mail
  • IT intensive
  • Backup not provable as Tamper Proof
  • Backup is an off-Line medium
  • Not directly visible to users
  • Archive is an on-line or near-line medium
  • Directly visible & accessible by users
  • Advanced search of subject/body text/attachments

5
What Do Companies Believe?
  • I run anti-virus & anti-spam on my server
  • A good start!
  • Runs at server/email server/desktop level
  • Problems have already entered the system
  • Increased network loading
  • Increased server/email server/desktop loading
  • Better to catch it as it enters the gateway!

6
What Do Companies Believe?
  • I just keep everything on the server
  • Too much data on systems slows things down
  • Typically only 20% of server data is needed to
    run a company
  • Why back up & store the other 80% of unchanged
    data?
  • For DR why restore 80% of unchanged data?

7
What Do Companies Believe?
  • I know what is happening in my systems
  • Percentage of spam & viruses?
  • How much user time is lost to managing email?
  • What is the exact status of the systems?
  • Reporting

8
Examples of Record Retention Requirements
  • Section 222(5) of the Companies Act 1985
  • Records relating to company accounts must be
    retained
  • Public companies, minimum of 6 years
  • Private companies, minimum of 3 years
  • Company Directors and Officers must ensure
    compliance
  • Penalties are prison sentence of up to 2 years,
    fine of up to £5,000, or both
  • Tax Management Act 1970
  • Retention of records relating to employee
    payments
  • Including payment made to or on behalf of
    employee, i.e. expenses

9
Legal Admissibility
  • Civil Evidence Act 1995 (section 4)
  • Electronic data is legally admissible in court
  • Evidential Weight
  • Ability to prove records have not been tampered
    with
  • Inability to demonstrate this standard has meant
    lost cases
  • BSI DISC PD 0008:1999 provides a code of practice
    for electronic storage for legal admissibility
  • Discovery
  • Civil Procedure Rules, Part 31
  • In 1996 Norwich Union settled out of court (cost
    £450,000) plus legal expenses estimated at a
    further £1,000,000 rather than try and locate and
    provide email evidence in their libel defense
    against Western Provident Assurance.

10
Best Practice Is Easy.
  • Ensure an Authentic Copy: Digital Signatures
  • Must be able to prove that the delivered & sent
    emails are exact copies of what is stored in the
    Archive
  • Ensure that the Archive System is Tamper Proof
  • Watertight Archive DB: password-protected
    database
  • What happens if the archive media is stolen?
  • Encrypted archived emails
  • Ensure that no back-doors are available for
    hackers
  • Closed system solution
  • Business (not user) defined Archive Policies
  • Approved internal company archiving policies
  • Installs on server, not desktops
  • Archives all email according to company policies

11
Best Practice Is Easy.
  • Full auditability of access and movement
  • Must be able to provide reports detailing the
    life of each individual email
  • Cradle-to-grave audit report per email
  • Full search capability
  • Must be able to search the email archive on
    content, subject & addresses
  • Feature also includes and/or/if logic
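
The "exact copy", "tamper proof" and "cradle to grave audit report" requirements on slides 10 and 11, as an added example that is not part of the original presentation. It substitutes a SHA-256 digest and an HMAC hash chain from the Python standard library for the digital signatures the slide names; `AuditTrail`, `demo_trail`, the key and the sample message are constructed for illustration.

```python
import hashlib, hmac, json

DEMO_KEY = b"constructed-demo-key"  # assumption: a real key stays in a KMS/HSM
GENESIS = "0" * 64                   # "previous MAC" of the first entry

def sha256_hex(raw: bytes) -> str:
    return hashlib.sha256(raw).hexdigest()

class AuditTrail:
    """Hypothetical append-only log; each entry's MAC covers the previous MAC."""

    def __init__(self, key: bytes):
        self.key, self.entries = key, []

    def _mac(self, body: dict) -> str:
        data = json.dumps(body, sort_keys=True).encode()
        return hmac.new(self.key, data, hashlib.sha256).hexdigest()

    def record(self, msg_id, event, actor, raw=None):
        prev = self.entries[-1]["mac"] if self.entries else GENESIS
        body = {"msg_id": msg_id, "event": event, "actor": actor,
                "sha256": sha256_hex(raw) if raw is not None else None,
                "prev": prev}
        self.entries.append({**body, "mac": self._mac(body)})

    def verify(self) -> bool:
        # Recompute every MAC and check each entry links to the one before it.
        prev = GENESIS
        for e in self.entries:
            body = {k: v for k, v in e.items() if k != "mac"}
            if e["prev"] != prev or not hmac.compare_digest(self._mac(body), e["mac"]):
                return False
            prev = e["mac"]
        return True

    def life_of(self, msg_id):
        # Per-email report: every recorded event and who performed it.
        return [(e["event"], e["actor"]) for e in self.entries if e["msg_id"] == msg_id]

    def is_exact_copy(self, msg_id, delivered: bytes) -> bool:
        # Compare the delivered bytes against the digest taken at archive time.
        for e in self.entries:
            if e["msg_id"] == msg_id and e["event"] == "archived":
                return hmac.compare_digest(e["sha256"], sha256_hex(delivered))
        return False

def demo_trail() -> AuditTrail:
    t = AuditTrail(DEMO_KEY)  # constructed sample message and events
    t.record("msg-001", "archived", "gateway", raw=b"Subject: Q3 accounts\r\n\r\nFigures attached.")
    t.record("msg-001", "searched", "auditor")
    t.record("msg-001", "exported", "legal")
    return t
```

The chain detects edits and removals in the middle of the log; dropping the most recent entries is only detectable if the latest MAC is also stored somewhere outside the archive.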

12
Summary
  • 5 Basic Building Blocks
  • Manage data
  • Find information
  • Protect from attack
  • Too much data slows things down
  • Network
  • Servers
  • Users

13
Thank You