Information Technology Reference
In-Depth Information
accidental data exposure events, it is likely that additional legislation will
follow to address backup media and other responsibilities in the manage-
ment of such information.
Knowledge of all the constraints and regulatory mandates affecting an
enterprise is critical to the chief architect's ability to implement manda-
tory controls while avoiding wasted effort on regulations that may be mis-
takenly applied to an organization. HIPAA provides a ready example of
an often-misapplied set of rules and requirements, because many organi-
zations do not fall under its scope of application even if some health-
related information is maintained in the organization's data systems.
Discovery and Retention
Because so many legal investigations and compliance reviews require
access to electronic records, long-term planning should include provisions
for information archival and reporting, as well as establishing standards
for data retention policies. Subpoena management practices should be
firmly in place before requests for data are received, in order to ensure
continuity of operations and minimize operational impact due to motions
for legal discovery.
Multiple articles of legislation under review may impose mandatory
data retention for Internet service providers and other agencies responsible
for the storage, processing, and transmission of information that could
be useful to law enforcement investigations. A chief architect can provide
great value to the organization by including data archival, storage, and
handling options in long-term enterprise strategy.
Extended Legal Involvement
Beyond information technology-specific mandates, legal requirements
can also include more generalized mandates that must be considered.
Issues such as the control and proper disposal of toxic chemicals such
as lead and cadmium found in many circuit boards can affect media
disposal and end-of-life-cycle technology management constraints.
Accessibility requirements under Section 508 of the Rehabilitation
Act must also be considered during authentication and data access plan-
ning. Complex multifactor or biometric authentication systems may
