Friday, October 19, 2007

The Other Side Of Compliance

Yesterday I was thinking about Big Brother and privacy… History has shown that systems like ECHELON won’t succeed, mainly because even if it were possible to collect and store such an amount of data, it’s tremendously difficult to analyze this data or make any use of it.

I asked myself: ‘What can I do if I still need to collect, store and use this data?’ The answer was obvious – let’s collect and store the data not in one central place, but at its place of origin. To my mind, it’s really easier to process a number of small databases than one huge database.

How can government agencies force companies to store the desired amount of data for the desired period of time and process that data in a predefined way? The answer is obvious again – let’s make a number of regulations and make everybody comply with them.

Finally, a special agency with the power to take the collected records – that’s all I would need.

So, what are the pros and cons?

Pros:

  • No need to employ staff to support a huge DB; they will be ‘outsourced’.
  • No need to store that DB somewhere, and I don’t need to invent systems to collect the data.
  • ….
  • Well, nothing is required – just write a standard to comply with.

Cons:

  • No ability to correlate data between companies to see the general picture… But it isn’t 100% so.

1 comment:

Amiran Alavidze said...

Well, it's not just "write the regulations". Actually, those regulations are worth nothing if nobody checks compliance with them. This means: a (federal) agency for compliance monitoring, writing compliance guidelines, defining the penalties, planning a transition period for when new regulations come into force, etc.
And honestly I don't think your proposal would work (but it already works to some extent as there are many regulations that define data retention periods).