Newsletters Welcome, Guest Log In | Register
Home:

Interviews

< Previous | Next >

Subscribe

Sign up now and get the best business technology insights direct to your inbox.

  • Daily Edge
  • CTO Edge Update
  • Business Tools & Templates
  • Aligning IT & Business Goals
  • Maximizing IT Investments

0

Vanish Doesn't Play Nice with Legal or Corporate Retention Requirements

by Lora Bentley, IT Business Edge
Aug 12, 2009 4:36:34 PM

Lora Bentley spoke with Greenberg Traurig shareholder Adam Landa, who co-chairs the law firm's national e-retention and litigation preparedness practice group about Vanish, an encryption technology that, in essence, allows the creation of electronic documents that self-destruct. Though he likes the idea, it presents practical concerns when one considers retention requirements, Landa says. (Next week look for Landa's comments on Vanish as it relates specifically to e-discovery requirements.)

 

Bentley: You've read and written about Vanish. What is your initial reaction?

Landa: Technologically, Vanish is a very good idea. My biggest concern with that technology is... Well, there are two things. One, how a company deals with its retention obligations or its preservation obligations in view of data that, let's just say for the moment, self-destructs.

 

The first example that came to mind as I was reading the white paper on Vanish is the broker-dealer. A broker-dealer has an obligation to retain every communication as such for three years, and for two years in readily accessible form. So a client sends an e-mail to a broker instructing a trade, and the e-mail is set up to "vanish" in 30 days. Should the broker-dealer reject the e-mail? It can't be retained for three years as required by law. What will happen if the client says, "Yeah, but I instructed you to make a buy," and the client can prove that somehow. That's one example, but there are all kinds of industries that are regulated and required to keep things.

 

Then there are company document retention policies. A company policy may require me to keep things, but now I can create or receive a document that can't be maintained in accordance with the policy. That's the first concern.

 

Bentley: Which indicates there's another?

Landa: The other thing that Vanish presents is the sender of a message may or may not want to keep a copy of that message that isn't composed or created with Vanish. I mean, I'm thinking this is a great technology for my Facebook post that I was hiking yesterday. Who's going to care about that? I can see why I'd want that kind of stuff to vanish -- personal comments and the like.

 

But when you start applying it to business communications, you have to think about what the recipient is going to do with the communication.

 

Bentley: Do you mind expanding on that?

Landa: I have not worked with a Vanish-enabled client yet -- the software itself -- but typically in an e-mail you can copy and paste or cut and paste content. So if you cut content out of a Vanish e-mail and you paste it into a text file or some other media, it's not going to vanish. You're still going to have a record of what that e-mail was. Or if you print it, or if you print it to PDF, those things aren't going to vanish the way the e-mail would. It concerns me that people would send things that they think are going to be gone, but they're not. Even at a minimum, if someone gave you this technological explanation of how you could create a Vanish client that would prevent someone from creating a PDF or cutting and pasting, you could still pull out your digital camera, point it at the screen and take a picture, and there it is.

 

Bentley: OK. So you're not really in complete control?

Landa: You're really relying on downstream client behavior, and by clients I mean technological clients that could either prevent printing or could create PDFs that would also be encoded to vanish. Conceivably you could do that. But I wonder how I would feel about your software being able to get into my copy of Acrobat?...I think it's a wonderful idea. I think its time has definitely come, and it has application to all kinds of things, but I think any company that is considering permitting the installation of Vanish clients has got to deal with how it's going to intersect with retention requirements.

More from our Network

Encryption: The Last Line of Database Defense  CTO Edge

A Cautionary Tale: The CEO and the Lost Laptop  CTO Edge

CA Embraces IBM Tape Format for Encryption  CTO Edge

Brocade Partners with Thales on Encryption  CTO Edge

Proofpoint Melds DLP with Encryption  CTO Edge

Add a comment Leave a comment on this blog post.

There are no comments on this post

Related Content

Browse

Topic: Encryption

Properly scrambling sensitive data makes it worthless to crooks.

Blog: Help Desk Services Running Afoul of Compliance

Article: The Security Risks with Sharing Documents and How to Prevent Them

White Paper: Backup and Recovery: The Benefits of Multiple De-duplication Policies

Related Topics

Data Archiving, Document Management, E-mail and E-mail Management, E-mail and Web Policies

Featured White Papers

Browse

IP Telephony: Reliability You Can Count On

This white paper will examine the effects of three different architecture platforms on the ability to deliver IP-based telephony systems that are both highly available and cost effective.

Preventing Data Corruption in the Event of an Extended Power Outage

This white paper discusses various power management software configurations, and presents best practices aimed at ensuring system uptime.

Resource Centers

Browse

Tape Storage

Disaster recovery and business continuation that includes encryption, all at a manageable TCO.

Featured Whitepapers

Tape Fallacies Exposed — The Future of Tape Is Still Bright

Premium Tools

Browse

Disaster Recovery & Business Continuity Template Pack

Prepare your company for any type of disaster you can envision and those you cannot. Immediately download this comprehensive set of templates and tools for documenting your business contingency plans.

Learn more >

The IT Service Catalog Management Toolkit

Bridge the IT-business gap once and for all! A well documented IT services catalog is the conduit for IT services to the rest of the company.

Learn more >