Document Retention and Protection

Organizations generate a lot of data, and usually want to protect it. They store it in reliable media, secure it from unauthorized use, and back it up. This information, especially historical data such as sales history, contracts, emails, etc. is essential to make decisions pertinent to the future of the organization. Many organizations use a Document Management System (DMS) to store them. These systems then ensure they are versioned over time so that it is easy to find them, and see the various changes that were applied, while at the same time enforcing retention rules that dictate what must and must not be kept. This forms a repository to ensure data is both secure and can be located easily.

Which made it interesting to know that Google, king of search engines, was tripped up by a search engine on documents in their own possession. (Read full article here)

Google has been sued by Oracle for use of a programming technology called Java in their Android phone and tablet operating system. Most lawsuits have a discovery period, in which each litigant turns over all documents pertinent to the case, but can exclude any client-attorney privileged documents. For example, original blueprints of an alleged copycat product must be turned over, but a letter between an attorney for the litigant and the engineer which discusses the blueprints is protected and can be held back from disclosure.

In order to facilitate discovery assembly, legal analysts use tools similar to the Google search engine, which allows them to collect information from across the organization’s systems using keywords like “Java” while at the same time excluding documents with phrases like “attorney work product”. In this case Google was caught by a draft email stored on the server; one of 9 drafts before the final. This particular version stated that Google should license the Java technology from Oracle. But because it was an early draft, it did not include the key phrase “attorney work product”, and was released to Oracle’s attorneys. It may change the case completely.

This illustrates the key point: that you need to know what you keep and what you should not keep, and how it is encoded. Document Management Systems can help with this, by setting up and enforcing retention or coding rules, they can automatically add a tag, or delete documents over a certain age.

Google shows us a great lesson; what do you learn from it? If you would like an opportunity to discuss how you can put the right systems and polices in place, feel free to place your feedback below.

3D Printing and Piracy

Information security is always important, and when not designed and enforced properly creates holes that allow unauthorized access to your critical data. Any exposure of salaries, customer credit cards, financials, and product designs may be potentially fatal to your organization. To the extent that your business processes information, your loss of data may be even more damaging. If you are a bank and suffer theft of information it may be the very reason you go out of business. But if you are a manufacturing firm, loss of data does not necessarily mean loss of product control. A bank loses this with loss of data; a manufacturer does not.

But with the advent of 3D printers that can “print” a product from a design file may allow somebody to quickly generate the same product you manufacture without you even knowing it. And now one of the most notorious file sharing sites, The Pirate Bay, has an area for “3D Designs”. This means your product design in the wild could be copied freely like MP3 music files are now. While there is not a large market now for 3D printing, it is a growing manufacturing area that as it attracts attention, will also attract pirates who can obtain your design source files, and easily run them locally to generate an identical part to the one you produce. They can start where you left off with “improving” the product and creating their own offering based on your initial labor.

A video of how these printers work

What this means to manufacturers is that they need to show the same concern about piracy and security as the recording industry does. It means ensuring that you are kept updated on operating systems and their patches; applying security rules to limit access, improving physical and logical access to systems and data, and other measures. As the recording industry has shown, once the cat is out of the bag it is almost impossible to put it back in, so looking at your system now and getting ready should at least be in your plans.

If you would like an opportunity to discuss how you can put the right systems and polices in place, feel free to place your feedback below.