Thursday, August 2, 2007

Costs of Data Retention

Does anyone remember the good old days, when developers were called "programmers" and used to pride themselves on the quality and brevity of their code? There's a distinct dark side to capacity, speed and data being increasingly free at any small increment; the cost is invisible to the individual programmer, so its disregarded. We all know about bloatware, and its impact on the speed of your computer. Less reported, but increasingly clear to me are the costs of network traffic. The internet, your LAN and your phone network is faster all the time, but its not unlimited, especially as transaction counts rise due to more users, more devices per user and more bloated software wanting to know more about you. But what about the cost of data retention? Now that space, even on the smallest device, seems free, too much is retained, and far too much information that should be considered secret. Yes, there's retries, preserving for the session, etc., but as a result of this, data is being retained forever. An ID badge I use every day has the SSN sitting there in plaintext. Why? Okay, so isn't that secret anymore. How about my credit card? The industry has some solid metrics and standards that were supposed to be implemented in 2005. How are they doing? Visa has been running a series of polls. Remember, this is self-reported, not an audit by Visa. It could be much worse than this. eWeek: Retailers not exactly where visa wants them to be
But given that Visa has said that there are 1,057 retailers in that group (327 Level 1 U.S. retailers and 730 Level 2 retailers), that four percent suggests that about 42 major retail chains aren't even claiming that they've stopped retaining that data. Visa estimates that the 96 percent relates roughly equally to both groups, suggesting about 13 retailers in the Level 1 group (with the very largest retailers) and about 29 in the Level 2 group.
This is mostly things like retailers retaining the entire contents of the magstripe, forever. I can only imagine why, and I'm hoping the more I write the more I get towards and understanding of how good requirements become bad specifications, and business rules just get lost.

No comments: