20,000 laws for data

In a thought provoking post Mark points out:

There are now more than 20,000 laws world-wide that regulate how companies must protect, retain, and secure information. These laws are often complicated, and sometimes even contradictory. These rules often must be applied to all data types regardless of the application. In many cases, information cannot even leave the country in which it was created

But Mark’s a practical guy who understand that 20,000 laws can’t realistically be complied with in most – if any – enterprises for all their data:

So how do companies deal with this complexity? The fact is that I believe that most don’t. This is an almost impossible problem in most current IT environments.

Mark works for EMC and so see’s the solution as:

The secret is decoupling information from individual applications and creating unified and federated content repositories where rules and policies can be applied regardless of the application.

But he’s still realistic:

This does not mean that all of the data moves to one big archive or repository. On the contrary, much of the content created must to remain in place. Federation, simply means that there is a uniform way to set data taxonomies and data policies so that requirements can be applied in a simple and uniform way.

It’s a nice idea, but in a web 2.0/consumerized world with data moving from a few places like CRM, PDM and ERP, File Systems, Intranets to a myriad of application specific places on servers that the enterprises don’t own, control or even influence directly I’m not sure that this solution is practical.  That said I’m not sure I can offer another alternative that can keep up with the pace of innovation in the market right now.