An Interdisciplinary Perspective on Secure Data Collection, Storage and Retention
Co-Sponsored by the Computer and Communications Security Center and Colorado Center for Information Storage
One of the inevitable byproducts of the digital age is the ability to produce, store, transport, and collect massive amounts of information. As for 2002 alone, one study estimated that ninety-two percent of the 5 exabytes of information created in that year was stored on magnetic media, mostly in hard disks. (To understand how big is five exabytes, consider that this amount of information is equivalent in size to the information contained in 37,000 new libraries the size of the Library of Congress book collections.)
Over the last year, several high profile security breaches have underscored the flip side of the ability to store and retain massive amounts of data–if this data falls into the wrong hands, trade secrets and other private information can be compromised. For firms who did not view the investment in securing data as a business imperative, increasing regulatory mandates, ranging from Sarbanes Oxley’s regulations on corporate record-keeping to the requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), are increasingly forcing firms to take a close look at these issues. And the Federal Trade Commission’s action in the BJ Warehouse case (which penalized the company for the insecure storage of unencrypted data) further underscores, as former FTC Commissioner Orson Swindle put it, “if you use information in any form, you have an obligation to protect it.”
This conference will evaluate the cutting edge issues about corporate management of data, ranging from health care records to customer information to corporate policies. In particular, we will evaluate three essential questions facing business executives and policymakers. First, we will take a broad look at the business imperatives and regulatory oversight that are increasingly making data security a high profile issue. Second, we will examine the emerging best practices for keeping information secure against unauthorized access, how to retain information for record keeping and legal discovery requests (while keeping it secure) as well as how to store information for disaster management purposes. In so doing, we will discuss issues ranging from different types of storage media, whether to encrypt information, and when to keep information available on online databases. Finally, we will evaluate the trends in business, policy, and technology relating to data security, suggesting what it is likely to happen and what should happen in the years ahead.
Sessions
Welcome and Overview
The Legal, Regulatory, and Business Rationales for Secure Data Collection, Storage, and Retention
- Terence Gill
Partner, Sherman and Howard - Phil Gordon
Shareholder, Co-chair, Privacy and Background Checks Practice Group, Littler Mendelson P.C. - Bob Lockhart
Chief Systems Architect, NeoScale
Best Practices and Technologies for Data Management
- Mitchell Ashley
Chief Technology Officer, Still Secure - Aloke Guha
Chief Technology Officer, Copans System - Dirk Grunwald
Professor, Director of Undergraduate Studies and Associate Chair, Department of Computer Science
Break
The Future of Data in a Networked Age
- Reggie Davis
Senior Litigation Counsel, Yahoo! - Jack Waters
Chief Technology Officer, Level 3 Communications - Chris Steinbach
Vice President of Global Security Solutions, Computer Sciences Corporation