The regulations -- some new and others reinterpretations of old statutes -- are so mind-boggling many storage administrators are beginning to wonder whether some kind of malpractice insurance might be the order of the day.
"There is no certification for the IT department that protects us against these new legal issues," says a worried database administrator at a major New York bank, who requested anonymity. "If my boss tells me to shred a whole bunch of emails, that is what I am supposed to do... But I don't want to end up in court fighting against my CEO."
Last December, five top Wall Street brokerage firms were fined a total of $8.25 million for not preserving email communications as required under Securities and Exchange Commission (SEC) rules. Since then, storage policies have become an extremely sensitive issue for the financial industry.
The SEC isn't the only regulatory agency demanding that more data be captured, reported, and retained. Nasdaq, the Bank for International Settlements, and the Department of Homeland Security are drafting compliance legislation and rules faster than most people can read them. The goal, of course, is self-serving: To restore confidence in the markets.