The National Security Agency (NSA) has a new data storage facility. It’s 1.5 million square feet of supercomputers that harbor massive amounts of information. Much of it is thought to be our phone calls and texts… at least the relevant metadata surrounding these communications, but there’s been considerable speculation about that here in these forums as well as elsewhere.
Business security folks are already asking critical questions: Do they store your stuff forever? Or, what stuff exactly, forever?
By the same token: how long do you (or a vendor, on your behalf) presently store data? Many businesses have a destruct trigger for data based on taxonomies and dates. Many organizations at present also have loose, or evolving, or even no standards for what employees can do with company resources. Even large enterprises with sophisticated Acceptable Use policies don’t adequately enforce them… so –
What if the Feds come at you in future, with charges? They could be charges based on what your sanctioned corporate data allegedly points to, or they could be charges based on what some long-departed employee did under the aegis of the organization’s banner (remember “What is being done in the name of your domain?” from I.T. Wars?). Can you, and your legal representatives, assess the charges on a “bit-for-bit” basis, so to speak? Will you have the relevant data from that period? Or will you be content to take the Feds’ word for the alleged transgressions of the past, that must now be answered for in the present? Uh oh…
- Security Policies
- Acceptable Use Policies
- Security Training
- All Data Retention and Destruct Policies
- Monitor what people are doing with work resources – the org owns the resources, and all associated content – to include anything so-called ‘personal’ that people are crafting with the org’s resources – make clear the org is monitoring everything, and why (again, get training up-to-speed).
The time is now – right now.