Archiving101.com

Last week I gave a widely attended webinar on PST file consolidation and one of the questions I received specifically asked if there was a good reason to have PST files in your organization.  Well .. except for maybe handing data over to an opposing council there are absolutely NO reasons at all to have PST files in your organization:

• You cannot apply retention or legal hold to PST files
• eDiscovery request are nearly impossible to accomplish as they require searching, discovery and manually opening and searching all the content in them.
• PST files are quite often used when employees leave organizations to take their maildata with them to a competitor. They can store them on an MP3 player and walk out of the door which is a huge security risk for data leakage.
• They are difficult to find except if you use appropriate PST crawlers.
• They’re fragile, especially as they get big. They get corrupted too easily. Users aren’t the best at ensuring that their systems are properly shut down.
• You have to run the Inbox Repair Tool on them way too often.
• Your users don’t back them up. Presumably you do back up the server.
• Your users don’t compact them. They just get bigger and bigger.
• Your users forget their PST passwords. Even though there are unsupported tools to crack them, it can take a significant amount of time to do so.
• You lose single instance store (SIS).
• Messages take up more space in a PST than in an Exchange store.
• It’s simply nuts to store PSTs on a network drive. They just end up taking up more space. Is disk space on your file server cheaper than disk space on your Exchange server?  (besides that Microsoft doesn’t support PST files on a File Share)
• For road warriors, OSTs are a much superior storage technique, especially with the improvements made with Outlook. They allow untethered computing at a higher level than with PSTs, plus with the added security of a backed-up information store on the server.
• A PST can be opened by only one machine at a time. This precludes a manager and assistant from working from the same PST simultaneously, and precludes team access.
• You cannot use Outlook Web Access to read your downloaded messages.
• PST files are not secure. Anyone with access to the PST file can open it using the right tools.
• You cannot clean up PST files after virus infestations.

Did I miss anything?

In an earlier post this month I talked about that we probably would need more oversight in our financial industry, but while we are at it, it might make sense to broaden this topic to go beyond just the financial industry.  From a personal perspective and not an ‘archiving vendor employee’ perspective I’d like to see that other industries are also going to see some sort of better oversight and rules to retain electronic records.   For instance down to a State level, different States have different laws if email is qualified as a public record and if it needs to be retained or not.

The following website http://www.rcfp.org/elecaccess has a good article about this:

In Florida, e-mail messages made or received by a state agency in connection with the transaction of official business are public records. The same holds true in Arizona, Arkansas, Colorado, Maryland and Ohio. Arguments also may be raised that many states’ expanded definitions of public records now contain e-mail within their scope.

However, in Michigan, the lack of a specific statute has allowed two agencies to develop radically different e-mail practices. The University of Michigan has made e-mail private to the “fullest extent permitted by law.” Washtenaw County, where the university’s Ann Arbor campus is located, adopted a resolution to make county government e-mail open to public scrutiny.
The conflicting policies in Michigan illustrate the tensions between open records laws and privacy concerns. Open records advocates argue that e-mail is a natural product of the move toward “paperless” offices. Others argue that government employees use e-mail believing that the messages are private.

In December 2002, a circuit judge in Fredericksburg, Va., ruled that a group of officials violated the state’s open meetings law when they e-mailed each other regarding city business.

The Connecticut Freedom of Information Commission has proposed restrictions on use of e-mail. If the new rules are adopted, a majority of a board’s members would not be allowed to discuss the same subject using e-mail, because it would constitute an illegal meeting and thus exclude the public. The commission intended to reach a decision by Spring 2003.

The Florida Attorney General found that “the use of an electronic bulletin board by water management district basic board members to discuss matters that may foreseeably come before the basin board over an extended period of days or weeks, which does not permit the public to participate online, is a violation” of the state’s open meetings law. But the attorney general also has said that “a school board may use electronic media technology in order for a physically absent member to attend a public meeting of the board if a quorum of the members is physically present.”

It is not clear in all states whether open records laws apply to e-mail such as intra-office memos, letters from citizen-taxpayers, and government employee correspondence from an outside bulletin board.

On the federal level, the U.S. Court of Appeals in Washington, D.C., held that substantive e-mail communications are records under the Federal Records Act. The Federal Records Act covers the preservation of the transaction records produced by federal agencies. In Armstrong v. Executive Office of the President, the court ordered periodic review of electronic record-keeping practices at the National Security Council.

A federal district court in Tennessee ruled that a media plaintiff had no First Amendment right to city government employees’ Web browser history and “cookie” files, which store information about Web sites the user has visited. The court noted that it did not address whether the files would be available under the state Public Records Act. (The Putnam Pit, Inc. v City of Cookeville)

While we might want to start to get all the States at least at a same level, we should also look at other industries to ensure that records are retained.

So the world is awaiting when EMC and Symantec are going to release their latest versions.  Enterprise Vault 2008 (Code name Bauer) is going to have some significant enhances, but Symantec is keeping up a smokescreen.

The details on EMC’s Project Janus haven’t been released either.

http://www.news.com.au/story/0,23599,24364783-401,00.html

HACKERS have revealed private emails sent by Republican vice-presidential candidate Sarah Palin, as well as what appear to be email addresses for her snowmobile-riding husband Todd, her pregnant daughter Bristol and her soldier son Track.

The hackers broke into Mrs Palin’s personal Yahoo! email account, which she uses to send government emails in addition to her official Governor’s address.

Screengrabs and what appears to be a full listing of her email contacts have been posted on the web, including on WikiLeaks, raising concerns about the vulnerability of information in the official emails sent on the private address.

Critics have also suggested Mrs Palin and her office might use personal accounts to send information they want to keep secret, sidestepping public diclosure laws.

Two email accounts apparently used by Mrs Palin - “gov.sarah” and “gov.palin” - have since been discontinued.  The latter was the account which was hacked.

It showed Mrs Palin’s husband Todd used “fek9wnr” in his address - “Fe” for iron and “k9″ for dog.  Mr Palin won the Iron Dog snowmobile race and has the same term as his licence plate number.

It also showed an address for Bristol Palin, the 17-year-old whose pregnancy made global headlines after her mother was chosen as John McCain’s running mate, as well as one for Track Palin under the name “track_44″.

Users on Gawker.com, which published the screengrabs and contacts list, speculated on the meaning of the name, prompting a tongue-in-cheek suggestion that there must have been 43 other kids named Track who beat him to the punch.

Privacy

“This is a shocking invasion of the governor’s privacy and a violation of law.  The matter has been turned over to the appropriate authorities and we hope that anyone in possession of these e-mails will destroy them,” the McCain-Palin campaign said.

The Associated Press reported that the US Secret Service had asked it to turn over its copies of the hacked emails, but the news agency refused to do so.

The content of hacked emails published so far seem mostly harmless, restricted mainly to congratulatory messages after she was announced as the Republican vice-presidential candidate.

In another, she writes to her Lieutenant Governor, complaining about a local radio host.  In yet another, an associate tells her to ignore negative publicity in the aftermath of her entry into the White House race.

The Associated Press suggested the hackers might have broken into the account by tricking Yahoo! into revealing Mrs Palin’s password using publicly available information about her.

Or, it said, the hackers might have tricked Mrs Palin into revealing her own password in a phishing scam.

With the complete meltdown of the financial industry I am wondering if there should be more strict rules and regulations or if we should let the free market play here.

On one end .. any sane person could see a collapse of the housing market coming (after all .. what risk is there to give a mortgage to people who have no job right?) …

We already have some rules for the SEC geared towards insider trading (NASD3010 and 3110) .. maybe we need some more to monitor other operations ?

Thoughts / comments ?