It's About Damn Time

2:00 PM -- $16.4 million and counting.

That's the amount of fines and penalties levied in the last six weeks by the National Association of Securities Dealers and the New York Stock Exchange on financial services companies that got sloppy with managing or producing electronic business records. (See Regulators Rip Records Managers.)

The article goes on to cite other examples in the last year in which securities firms got dinged for more than $2.5 million.

Chump change when your funds are worth billions? Maybe. But with the alphabet soup that makes up state and federal compliance laws, it's well past time we saw some enforcement action. Are these laws for real or not? Were legislators and regulators serious about protecting shareholders and individuals in the wake of WorldCom/Enron and mounting identity theft losses?

My inner cynic wonders why politicians haven't glommed on to this barrel shoot, especially in an election year. Surely there are others besides N.Y. Attorney General Eliot Spitzer with the nerve and political will to take on banks, insurance companies, and other financial companies. Or is the smarter play not to bite the hand that donates?Still, there are how many hundreds of eyeballs with regulatory oversight of these companies and exchanges? The Securities and Exchange Commission (SEC) has been remarkably passive and silent on these sorts of enforcement issues. Why not a nice, high-profile Martha Stewart kind of action to signal its intention to get serious on data archiving?

Enough chest-beating. It seems pretty clear from vendor and association surveys that many companies still haven't a clue what they need to do to come into compliance with archiving and data privacy laws. So they do little, or nothing. (See Email Looms as IT Threat.)

More worrisome is that when the "snap-to" command comes from the executive suite, it's most likely the folks staffing the data center that will get slammed hardest. Companies may realize they'll have to spend on this, but just how much money gets freed up to add personnel or buy the gear to manage in this brave new regulatory world is an open question.

Vendors and consultants tell us that compliance is driving spending in storage, but how much of this is new spending or spending devoted to specific compliance projects intended to mollify regulators or shareholders? Write us and let us know what's brewing at your company in the interplay between the data center and executive offices.

Terry Sweeney, Editor in Chief, Byte and Switch0