Category: Regulations

E-mail has been used as evidence in court cases for years; the amended rules also cover electronic documents, spreadsheets, image and sound files, and database info.

The amended rules explicitly state that requested information must be turned over within 120 days after a complaint has been served on a defendant. If this deadline isn’t met, it’s possible that electronic evidence could be ruled inadmissible. Or in the instance of a defendant sitting on potentially damaging evidence, courts can levy fines and other penalties.

The amended rules are to CIOs what Sarbanes-Oxley was to CFOs, says Riki Fujitani, a former attorney who’s now president of IT service provider Hoike.

The courts are showing their understanding that information is much easier to retrieve from modern storage technologies, while at the same time acknowledging that finding the right information on obsolete media could be just as difficult as digging up a paper document in a warehouse of filing cabinets.

In a survey by Enterprise Strategy Group, 91% of 568 e-mail, database, and compliance pros at companies with more than 20,000 employees said their organizations had been issued a discovery request for e-mail last year.

One thing that’s anything but ambiguous is the legal system’s disdain for companies that intentionally destroy electronically stored information. Morgan Stanley in May paid $15 million to settle Securities and Exchange Commission charges that it destroyed more than 200,000 e-mails and failed to cooperate with SEC investigators looking into Wall Street business practices.

Courts have over the past six years or so changed their views on the credibility of electronic documents, says Diego Maldonado, senior VP of the government technology group within consulting firm The Newberry Group.

Despite the amendments, there are still gray areas related to e-discovery.

http://www.informationweek.com/news/showArticle.jhtml;jsessionid=TEDZYBQNAAK00QSNDLPCKH0CJUNN2JVN?articleID=196600853

The office of the United States Trade Representative (USTR) has frequently criticized Russia for not effectively protecting or enforcing intellectual property rights (IPR).

“We have an agreement in principle and are finalizing the details,” U.S. Trade Representative Susan Schwab said in a statement.

The agreement calls for Russia to take specific actions and to enact laws by specific dates to combat Internet piracy and optical disk piracy. Under the terms of the agreement, Russia will permit a one-time notification for multiple products and set specific ground rules for granting licenses for products that require an import license.

The bilateral deal is critical to Russia’s admission to the World Trade Organization (WTO).

According to the USTR, the Bush administration has consulted closely with Congress, particularly with members and staff of the House Ways and Means Committee, the Senate Finance Committee and the House and Senate Agriculture Committees and the IPR Caucus.

http://www.internetnews.com/bus-news/article.php/3643351

Among the provisions of the Police and Justice Bill 2006, which gained Royal Assent on Wednesday, is a clause that makes it an offense to impair the operation of any computer system.

http://sympatico-msn-ca.com.com/UK+outlaws+denial-of-service+attacks/2100-7348_3-6134472.html?part=sympatico-msn-ca&tag=feed_2570&subj=ns_6134472

Rob Gretton, Business Development Director for DISUK commented: “This legislation is a step in the right direction as anything that empowers the individual and gives them more information is a good thing.

Identity theft is not just a problem on the Internet; it can happen in much less visible ways. Thefts and losses of backup tapes mean that large volumes of personal information such as, mother’s maiden name, date of birth or national insurance number are exposed to potential misuse at any time in the future.

http://www.it-observer.com/news/6910/europe_prepares_data_breach_notification_legislation/

The maximum punishment under the new legislation is a prison sentence of ten years and a fine of US$1.3million, which can be imposed on anyone found guilty of hacking into government networks to steal information related to national security or using the internet in support of terrorism.

Any person who gains unauthorised access to a public network or who installs viruses on that network will be subject to a fine of around US$800,000 and/or up to four years in prison.

http://www.itp.net/news/details.php?id=22318&srh=&tbl=itp_news

“Enterprises are doing all of their compliance work in silos, and they aren’t seeing the commonality between [the projects], particularly in the area of security,” says Stephen Barlock, North America security lead at Accenture. “The net result is that their compliance efforts are much too complex.”

Enterprises are also finding that the costs of their compliance efforts are rising, not falling, because of the growing number of independent, and sometimes redundant, regulatory efforts, says Mark Perry, vice president of global consulting services at Symantec, who will head the joint venture.

SOX and the Gramm-Leach-Bliley Act (GLBA) mandate data protection, but don’t give any IT specifics. The Health Insurance Portability and Accountability Act (HIPAA) and the Payment Card Industry (PCI) standards outline more specific requirements.

“What we encourage companies to do is build a matrix of the requirements,” says Chris Apgar, president of Apgar and Associates LLC, a compliance consulting firm. If they meet the most stringent security requirements on the matrix in each category, the result should be a security platform that meets the compliance mandates of all of them. For example, if you look at SOX and GLBA, they don’t say much about encryption,” Apgar says.

Accenture and Symantec are working on a way to automate the process of correlating the security requirements of each regulatory mandate and identifying the most stringent elements, says Accenture’s Barlock. “With this joint venture with Symantec in place, though, we think the days of doing this manually are numbered.” “If you want to encrypt email, a $250,000 package from Tumbleweed is a pretty sure thing to pass an audit,” he says.

http://www.darkreading.com/document.asp?doc_id=106910&WT.svl=news2_5