Compliance Is A Gold Mine


Regulations are not just for big businesses anymore. Today states are enacting data privacy laws that mandate companies both large and small protect the confidential data of their customers. And this could be a huge opportunity for you to add services and provide expertise to your customers.

Earlier this month the state of Utah disclosed that 181,000 people who receive benefits from Medicaid and the Child Health Insurance Plan had personal information stolen due to a simple configuration error. These types of disclosures happen all too often. In fact, there have been more than 3,000 breaches since 2005 with more than 545,645,703 records breached in the same time period. While Windows has been the platform of choice for hackers, the popularity of Apple devices has hackers moving their attention toward the Mac platform. Kaspersky Lab recently said that its analysis of a massive botnet revealed that more than 98 percent of the infected systems were running a version of Mac OS X and more than 600,000 computers had been compromised. If you think anyone or any platform is safe, think again.

There is an alphabet soup of regulations out there: PCI-DSS for companies that take credit-card payments, GLBA and SOX for financial institutions, HITECH and HIPAA for the health-care sector. You can add to the mix 46 states that now have some sort of data breach notification law on the books, with Massachusetts and Nevada leading the charge with stringent laws forcing proactive, not reactive, security measures.

Beyond state regulations, do you know about e-discovery? The official name is the Federal Rules of Civil Procedures (FRCP) and it now states that electronic documents are discoverable. So, theoretically, all businesses involved in lawsuits, IRS actions or HIPAA or SOX violations must respond to an electronic discovery request. This means your customers must retain electronically stored information -- e-mails, IMs, text documents, wikis, blogs, Web transactions -- and be able to retrieve it and hold onto the electronic record until the matter is settled.

And while you don’t want to be in a position to be an auditor for your clients, baseline knowledge of the regulations and, more importantly, the technologies that can help can be something added to your arsenal.

I would bet that most small businesses aren’t even aware that they must meet these data protection laws or know much about e-discovery. What’s more, there is a lot of sensitive data that small businesses have and need to be protected: Social Security numbers, W2s, payroll information, Tax ID numbers, credit-card numbers, the list goes on.

This could be a gold mine for the channel. Solution providers can install a number of security measures to help small businesses meet the regulations and protect their customers’ data. You can help a small business create a document retention and business continuity plan and then map policy-based encryption, e-mail archiving and recovery and data leakage prevention to the strategy. Today there are some hosted models that you can white-label as a service and look like a hero to your client.

So get a primer on the most common regulations, what they mandate and what technologies map to the regulations. An ounce of prevention is worth a pound of cure.

BACKTALK: Kelley Damore is VP, Editorial Director
for UBM Channel. You can reach her via e-mail at
kelley.damore@ubm.com.