New Group To Help Businesses Sort Out Compliance Issues

Eight storage, content management and records management vendors recently formed the Compliance and Management of Electronic Information Working Group (CMEI) to provide regulation information to businesses and help ensure that technology issues are considered in future laws.

The founders are Hewlett-Packard, Hitachi Data Systems, Network Appliance, Open Text, Oracle, Plasmon, Sun Microsystems and Veritas Software. CMEI is part of the Internet Law and Policy Forum.

CMEI should help VARs address technology issues affected by the new regulations, said Kris Domich, strategic consultant at Dimension Data, a Reston, Va.-based IT consultant and solution provider.

For instance, a corporation might be legally in compliance by storing data for seven years on tape, only to find out later that the tape media failed or a tape drive is no longer available, Domich said. "A lot of customers feel they are on the right path—and they are, according to the regulations," he said. "But they don't consider whether the solution is future-proof."

CMEI was formed in part to address such issues, said Harald Collet, chairman of the organization and product manager for records management and compliance support at Redwood Shores, Calif.-based Oracle.

One source of confusion is the variety of guidelines in the United States and foreign countries regulating how data must be stored, Collet said. "Estimates in the [United States] are that there are over 10,000 different federal, state and local regulations addressing how to store and dispose of data," he said.

In the financial space, the conflicting details of some regulations make it impossible to follow all of them.

"In the [United States], the SEC says a company needs to keep financial data for seven years," Collet said. "But in the [United Kingdom], companies must destroy data once a business relationship is terminated. Today, a company [operating in both countries] needs to make an internal decision as to how to handle [the data]."

CMEI has two subcommittees, Collet said. The Best Practices group is looking to provide end-user organizations a checklist to help them determine what regulations to watch for, what kind of information flows through the company, how the information is stored, how storage requirements impact technology and what storage products are needed.

The Legal sub-committee is aimed at offering legal and regulatory summaries to end users and at clarifying vendor inputs into the regulatory and legislative policy-making process, he said.

Erik Wulfers, worldwide business manager for enterprise content archiving at Santa Clara, Calif.-based HDS, said that help from CMEI and other third-party organizations will give the channel better clarity about strategies for tackling compliance issues. "A lot of time is spent on what best practices are available for customers," Wulfers said. "If solution providers have the best practices already, they can help customers implement the solutions faster."

Pat Edwards, vice president of sales at Alliance Technology Group, said the Hanover, Md.-based storage solution provider spends significant manpower trying to keep up with and understand compliance issues. Therefore, it would be interested in working with CMEI to bring information to customers. "If I were [CMEI], I'd get out, talk one-to-one with customers, have roundtable discussions with them," he said. "Alliance could easily get four or five Fortune 500 customers together, their CFOs or CCOs [chief compliance officers] and have a breakfast meeting with CMEI."