Do We Need a Regulatory Reset for Data Retention?
Reading through Matt Rosoff's story about the hidden risks of BYOD data retention, I had the feeling that this is a topic that only lawyers could love -- mainly because it means lots of extra billable hours for them.
The point of the story -- that BYOD may already be causing your enterprise expensive woes in regards to data retention -- was that you better start training and educating your enterprise about how to properly store and retain sensitive data. Though that's sound advice, I wonder if it isn't time for a nationwide or industry-wide rethink of the rules and regulations surrounding data retention. Because if we continue down this pathway of greater mobility, I foresee a lot more fines like the one Matt mentioned before things get better.
But are big fines any real incentive to change behavior? As we are learning from Apple today, big corporations can get creative when faced with unpleasant situations like large tax bills. And their solutions may not be in the best interests for all. Couldn't you see a legal loophole where big firms all of a sudden start storing data somewhere where it's not subject to big fines for mishaps? Maybe that's too simplistic an argument but my feeling is, our data retention laws aren't reflective of the world we live in.
I understand and agree that we want sensitive data to be protected, and that government and law enforcement should have access to data when they are legally warranted to do so. But I don't see how dinging a company a million bucks for losing a laptop is going to make corporations comply. If it's easier and cheaper to circumvent the process, like water they'll find that path. Isn't it better to figure out now how to have rules that make sense for a more-mobile world where locking down data may be next to impossible?
Visit the Mobile Enterprise 360 Community to learn more.