
Submission + - Dropbox Does Not Validate Mail Addresses For Accounts

DarkSoul42 writes: I just stumbled upon a situation quite like the latest xkcd strip ( http://xkcd.com/1279/ ), in having a homonym create a Dropbox account on my own GMail address, mistaking it for his own.

I started receiving out of the blue several notifications of "my Dropbox account" being linked to several devices, none of which I could remember, prompting some doubt since I didn't remember having a Dropbox account in the first place. On reflex, I reinitialized the password and logged in to confirm the contents, realizing quickly that my homonym most likely messed up and would probably end up in a lot of trouble if they lost the data in their account.
I created a "Sorry for the trouble with your Dropbox, please read this" file, containing my whole explanation about what went on, and the matter was solved smoothly with a laugh from both parties ("Okay, so now what was MY GMail address?"), but it is sort of mind-boggling that Dropbox would allow setting an e-mail address, or even the creation of an active account, without requesting confirmation (sending an e-mail with an activation URL, or a code)!

This could even be used to plant Nasty Evidence on someone before tipping off the police and prompting an investigation, and most likely ruining their lives... At the time of writing I have sent a PR to Dropbox about this; hopefully this gets fixed quickly.

Comment ACTUALLY the Illusion (Score 1) 2

In the present state of things, if you are socially truthful / factual: You cannot. If you are not socially truthful / factual: You have a better chance of it because you are not socially truthful / factual; however, the more you are not out there, your chances greatly improve. It is because it hasn’t happened that it will happen across the net.

Submission + - Google starts sending adverts as emails to Gmail users (geek.com) 1

An anonymous reader writes: Back in May, Google rolled out an update to Gmail that it marketed as “a new inbox.” What it did was to split the email you receive into categories and then display them in different tabs. The Gmail redesign wasn’t just to help users, though. It turns out Google has decided to introduce a new form of advertising because of it, one that you could view as being much more intrusive than before.

Some users have started noticing that in the Promotions tab new emails are appearing that they haven’t signed up to receive. These emails are marked as “Ad” under the sender name. A little further investigation reveals they are actually Google adverts packaged as emails.

Submission + - Ask Slashdot: what do you ACTUALLY do to protect your online privacy? 2

An anonymous reader writes: After all the media coverage about snooping in the last weeks, and after I found out that employees at my local ISP are actually selling the surfing habits of customers, it is time for me to think about changing my setup.

What is the best way to protect your privacy for a PC and a smartphone from Google, ad networks and the ISP? What tools are you using? What is the "best"? Is someone here actually running such a setup? What would the costs amount to? What would be involved?

Please be specific. I could not really find anything like "the n00b guide to online privacy"...

Comment the costs of business (Score 1) 1

My vote is that if it is not being paid, it should not have to maintain the files; except, of course, unless it is an e-discovery issue. I admit that I am not read-up on all of this story, but nothing reported here or in the article linked says that it is an e-discovery issue. If a governing body requires it (when it's not for e-discovery), that body should pay. If this was an e-discovery issue, the 3rd party could make a business-loss claim against its insurance company for payment, and that insurance company should have plans in place to mitigate against an extended period of time. . . .

I admit that this is probably an issue for those whose data it is, and I think the network should now plan for such occurrences to happen again in the future (data-owners should have redundant systems for the same data, AND\OR The business owners [not the host] should have redundant systems and to auto-enable the data owners to remove their data; and to put clauses in their agreements to enable access-for-the-explicit-purpose-of-determining-contact-for-the-data-owners, in such a situation as this only, to enable a governing body to contact the data owners to notify that there is a small charge required to retrieve their data [for instance]. AND\OR The business owner [the host] should build-in an agreement with its customers for access only under supervision of a governing body [or something like that] to determine contact for the data owners.) For a business to be required by a law\court\rule to maintain the data in a situation that is not insurable, that is actually preventing the host from doing business.

My .02

Comment 'The role of IT' or 'the need for change'? (Score 1) 3

What I have seen is that either their lack of understanding of the need for security exists solely because they really have no idea (even that they have been operating under false assumptions that the 800 pound gorillas that they use in their daily work will somehow 'save' them), or, it exists because they choose to ignore facts. Some would say that ignoring facts could be thought of as a strategy for operations, but that's another conversation. When they have already chosen to ignore, logic is not going to convince them without a great big fight. So, in that scenario, as the first commenter here suggested: Walk away from the endeavor. But if it's that they really have no idea or are misinformed, in my experience, to be successful in getting buy-in for the need, I had to be ready to take the conversation through the entire scenario.

--> Start by asking them how much they enjoy \ can afford risk. The answer is usually “not much.” This opens the path to a conversation about how much risk exists in \ for the organization, why and how\where it exists, and how risk can be mitigated by proper management of it, and the potential consequences of failure to do so. Of course, to have this conversation, you must be educated and convincing in your knowledge, and you must be able to point to relevant examples.

--> Identify a serious problem; demonstrate a 'fix'; and obtain buy-in to resolve it.

--> THEN there are the initial costs to discuss concerning your proposals for the remedy \ mitigation efforts. Here, you must really be prepared AND understood by your audience, so your 'talk' has to be knowledgeable and practiced. You’ll most likely have to initialize a risk analysis for the organization, as well as a ROI analysis. You must also be able to convincingly convey the concept of 'increased risk with time', and speak to their desires for success and good reputation.

If you want to be doing this; if you are passionate about the cause; if you are comfortable with 'the end justifies the means', then this is something you MAY be able to accomplish. But if you are not able to passionately talk about the issue and its causes and its costs and its fixes, you will be wasting your time, and, also, making it harder for the next person who attempts to get that buy-in.

Comment Employee-Owned Devices Muddy Data Privacy Rights (Score 2) 165

Not everybody has the talent to be a good author (I don't fool myself). Some writings get muddled, and some responders simply interject confusions. The topic(s) of ‘data privacy rights’, why they are needed, and including who is subject to adhere to regulations concerning them, why they are subject, when they are subject, and the regulations themselves, all deserve to be logically discussed . . . Because there ARE regulations. -Regulations concerning information that a person or other entity may hold [about] another person, or other entity, which, if obtained by an unauthorized 3rd party, could be used in an unauthorized manner. (If you legitimately [authorized] collect and save someone else's information, you have a responsibility to protect that information from unauthorized access, viewing, collection and\or use. And, generally, authorized for your use does not authorize you to authorize any other person or entity.)

The Ops’ title is: - “Employee-Owned Devices Muddy Privacy Rights” - Business and Tech headlines lately are loaded with mentions about, and references to such things as, “Bring your own device to work (BYOD)”, “Commercialization of Corporate IT”, etc., etc., which talk about employees using their own devices to access work-related assets, for different reasons. As is pointed out in various comments above, the persons or entities that are subject to the aforementioned regulations are required to take ‘reasonable steps’ to comply with those regulations. It is NOT reasonable to ‘assume’ an employee’s personal device is and will remain to be ‘in compliance’ with the subject regulations; therefore, it is NOT a ‘reasonable step’ to openly allow employee-owned devices access to the internal information. The computer systems we saw on television, Star Trek and the like, will one day govern us; but not yet.

Comment when using Data\Document Classification methods... (Score 2) 241

As it does become costlier to 'keep all data', regarding business data, when using a data or document 'classification' method which identifies data that poses greater risks for the organization, regulatory and\or legal, or in unnecessary costs, once the data can be moved from 'riskiest' to 'least risky', maybe then it becomes acceptable to introduce the 'unknown' of 'where' the data is located, (if you keep it, at all), but surely not while the data is classified as 'risky'.

Comment The "CIA" of electronically stored data . . . (Score 1) 241

Concerning stored data, one way or another, one or more of these requirements comes into play: "confidentiality, integrity, availability", or sometimes "authenticity". If you are seeking 'proof' of any one of these concepts regarding the data, at any of the varying stages of consideration, how can you, or your service provider, prove it if there is a question of "where" the data resides?

Submission + - How to remove duplicates from large external hard 9

johnedmiston1956 writes: I have been given a number of external hard drives full of resources, many of which are the same, I think I have about 4 Tb which after duplicate removal would go down to 1.5 TB or less.

My largest external drive is 2TB. I propose to remove the duplicates from that one first, then upload a smaller HDD to it, remove the duplicates again, ad nauseam, until we have one HDD, with all the resources, organized and without duplicates. Or perhaps when I upload the new files I could use a sync utility....??

So I need:

a) a good duplicate remover (preferably free or low cost) that someone has used on a large external drive and which works (those I have tried have just given up...)

b) A good sync utility (Win 7)

and it would be really, really nice if a program could then automatically index the drive and create an html index page or search (though Wilma / Wilbur search might do..)
