4. 288,000,000,000,000,000 bytes
In 2007 there was more digital information created, captured, and replicated than
there are stars in the universe…. (IDC, 2008)
11 December
4 2008
5. 1 EB (Exabyte) = 1024 Petabytes
= ~1 million Terabytes
Approx 44GB created in 2007 for
each of the 6.6 billion people
on the planet
Approx 40 times all words ever
spoken by human beings
11 December
5 2008
6. Digital information growth - 15 year projection
= (6.02214179 ± 0.00000030) x 1023
= (6.02214179 ± 0.00000030) x 1023
11 December
6 6 2008
9. Word processing documents
Email Video Banking data
Inventory
Source code Drug trials
Project plans
Location data
Telemetry
RFID Transactional
Medical Imaging
Spreadsheets
Audio VoIP
Chat
Order processing
Database content Images
Trading data Presence
9
11 December
2008
Applications data
10. Word processing documents
Email Video Banking data
Inventory
Source code Drug trials
Project plans
Location data
Telemetry
RFID Transactional
Medical Imaging
Spreadsheets
Audio VoIP
Chat
Order processing
Database content Images
Trading data Presence
10
11 December
2008
Applications data
11. Amid the piles and piles of information that exists in
unstructured form across an enterprise is the one piece
of information that you need
How do you find it?
Sensitive information exists and proliferates across an
enterprise
How do you protect it?
Information is duplicated at various places through an
enterprise
How do you consolidate it?
Multiple data sources exists across an enterprise providing
conflicting information
11 December
How do you resolve it?
11 2008
13. Example: (Public) Information access
• The government will become a world leader in electronic
service delivery by giving citizens seamless and convenient
access to government information services.
• Individuals and businesses will have greater choice about
how, when and where they access government
information, perform transactions, obtain advice […]
• They will be able to evaluate the quality of service
themselves
http://www.gov.on.ca/mgs/en/IAndIT/STEL01_045575.html
11 December
13 2008
15. EuroSOX
EuroSOX is a set of EU directives designed to enforce
financial transparency and prevent market abuse that
includes:
− Directives on annual accounts and consolidated accounts
− The 4th Company Law Directive; Treaty on the annual accounts
− The 7th Company Law Directive; Treaty on consolidated accounts
− The 8th Company Law Directive (Directive 2006/43/EC)
EuroSOX IT requirements include:
• Auditor support software, containing questionnaires,
narratives, process flows and control matrices, as well as
testing and remediation reports.
11 December
15 2008
16. Regulation 1049/2001 - excerpts
1049/2001 – ART 12.2. The institutions shall
as far as possible make documents directly
accessible to the public in electronic form or
through a register in accordance with the rules
of the institution concerned.
Art. 12 […] The institutions shall as far as possible
make documents directly accessible to the
public in electronic form or through a register in
accordance with the rules of the institution
concerned […]
[…] ‘document’ shall mean any content whatever its
medium (written on paper or stored in electronic form
or as a sound, visual or audiovisual recording) […]
11 December
16 2008
17. An example: Instant Messaging
• Corporate usage of Instant
messaging grows 19% every year.
• Instant messaging is subject to same
retention rules as e-mail: it’s a record
“IM is utilized by NWS operational person-
nel to share critical [weather] warnings”
“IM Chat sessions are public records”
11 December
17 2008
18. What defines a record?
A record is a collection of information, not a single document
Documents
E-mails
Physical objects
All of the information, managed in
context, that makes up an event or
a business transaction
Meetings
Tasks
Websites and intranet sites
Instant message conversations
Records need to demonstrate authenticity, reliability, integrity
and usability.
11 December
18 2008
19. Market disruption
Everything is becoming a business record
• Regulations driving focus beyond e-mail and office docs to include
paper/scans, SharePoint, wikis/blogs, user content on PC/mobile
and file shares
“ECM” market is disaggregating
• Big ECM has unfilled promises
• Document repositories are commoditize
• Value shifting to “what you do with the document”
Information resides everywhere
• Multiple copies, multiple repositories, multiple formats
• Paper, structured, unstructured, rich media etc
• Opportunity for content enablement
11 December
19 2008
20. Electronic Discovery Reference Model
Tools for IT Tools for lawyers
Records and retention Analysis and presentation
www.edrm.net
11 December
20 2008
25. Privacy as a Human Right
Charter of Fundamental Rights of the European Union
• Article 7
− “Everyone has the right to respect for his or her private and family
life, home and communications”
• Article 8
− “1. Everyone has the right to the protection of personal data
concerning him or her.”
− “2. Such data must be processed fairly for specified purposes and
on the basis of the consent of the person concerned or some other
legitimate basis laid down by law…”
11 December
25 2008
26. EU Legislation
• Data Protection Directive 95/46/EC
− Right to privacy in collection of personally identifiable data
− Companies need explicit consent for collection of data on race, health, sex
life, criminal records, etc.
− Fair and lawful processing, purpose specification and limitation
− Includes e-mail privacy protection
• Directive on Privacy and Electronic Communications 2002/58/EC
− Enacts Articles 7 and 8 of the Charter
− Specifically prohibiting interception or surveillance of private
communications (Art 5 (1))
− Focused on privacy issues in electronic communications on public networks
• Consultation on Protection of Workers’ Personal Data
− Ongoing development of framework for potential new directive
11 December
26 2008
27. Privacy – architectural challenges
• Protect Information
− From Losses and unauthorized disclosures
− Encrypt content
• Classify information easily or transparently
− “Private or not” minimum
• Store information centrally
− Can only protect what I have
• Define information lifetime policies
− Enforce disposal times
11 December
27 2008
29. Please Tell The Audience…
• How you voted in the last election
• Do you use drugs recreationally?
• Your Bank account details
• …and the Balance
• Oh, and How much do you Earn?
•… and how much does your husband/wife Earn?
• When did you last have sex…
• …with your wife/husband …
• …with somebody else!
11 December
29 2008
30. In the US, Electronic Monitoring is widespread
• 76% of employers monitor employees’ website connections
• 55% store and review emails
• Over 25% of companies have sacked workers for alleged
misuse of the Internet
• 25% of companies have sacked staff for email misuse
• 10% of companies did not tell workers that Internet access
was being tracked
• 14% failed to notify workers that email was being
monitored
• 1 in 3 employers monitor keystrokes on keyboards
Source: American Management Association 2005
11 December
30 2008
32. A Balancing Act
• Liability for email interception and monitoring balanced between
− Employers’ legitimate business reasons for the intrusion, and
− Employees’ reasonable expectation of privacy
• Importance of Business intrusion • Expectations of Privacy
− Preventing sexual or racial − Context of the intrusion
harassment
− Extent of the intrusion
− Preventing physical harm
− Existence of acceptable use
− Loss of trade secrets policy
− Copyright infringement − Notice of monitoring
− Excessive personal use of − Consent
company property
− Procedures to minimize intrusion
− Procedures to confirm results
− Procedures regarding
consequences
11 December − Procedures to guard secrecy
32 2008
33. Summary
• Manage information growth
• Ensure Access to the information
• Manage multiple formats
• Protect Privacy
• Capitalize on information
Don’t wait!
11 December
33 2008
