PRISM Update

Survey Says... Comply (On the Cheap)!

Iron Mountain just completed a survey of 2,700-plus information management professionals. With a sample that large there were bound to be some interesting findings. Overwhelmingly, 91 percent of information managers think it is important to be in complete information management compliance—good news for the commercial information management and secure destruction industries! However, when exploring the survey more deeply, one begins to see the reality on the ground taking shape.

When asked about the greatest challenge, compliance is a distant third. What ranked first? Cost-effectiveness. In a follow-up question, respondents were asked to rank their top-three concerns. Privacy protection ranked fourth, disaster recovery, fifth, and secure destruction, sixth. What ranked first? Budget constraints. When asked about whether resources would be committed to information management improvement in the near future, nearly half said, “No.”

Even in the long-ago days when I was employed at ARMA International there was nearly continuous wailing and gnashing of teeth among information management professionals over a lack of corporate support.

During the Y2K crisis and again during Sarbanes Oxley roll-out period, there were predictions that records and information management was finally out of the basement and into a higher visibility position within the organization. What this survey may be indicating is that “old habits die hard” and that in times of economic distress compliance is a lovely idea as long as it can be funded within budget constraints.

As an industry, we need to change the message to one of the priority of compliance and the necessity of data protection. This is a vital risk management message that must be communicated. One of the chief ways PRISM International is addressing this issue is through the implementation of the PRISM Privacy Plus Certification program. Creating voluntary certification within the industry is what the Federal Trade Commission (FTC) had in mind as it has supported industry self-regulation. In its December 2010 staff report, “Protecting Consumer Privacy in an Era of Rapid Change,” the FTC continues to support industry self-regulation that conforms to recognized privacy principles supporting consumer protection. Companies who adopt PRISM International’s Privacy Plus Certification clearly demonstrate their commitment to privacy protection and support information management practitioners as they seek greater support and funding from management.


 

Jim Booth is executive director of PRISM International, Garner, N.C., and can be reached at jim@prismintl.org.

Read Next

Liability Issues

February 2012
Explore the February 2012 Issue

Check out more from this issue and find your next story to read.