Don't Let Your CRM System Feed the Lawsuit Beast

"Discovery" sounds so positive and beautiful, they named a cable channel after it. But when it comes to legal discovery, there's nothing you'd want to put on TV. Think you don't have anything discoverable in your CRM system? Think again.

By David Taber
Fri, March 12, 2010

CIO

Part of my consulting work is as an expert witness, working with lawyers as a forensic CRM analyst. These cases usually involve mergers, reseller agreements, and breaches of contract. But they may also involve wrongful termination, customer privacy issues, trademarks, and compliance issues. For an analyst who knows what they are doing, your CRM system holds a wealth of discoverable clues that can be turning points for lawsuits.

For any modern marketing and selling organization, CRM is as essential as an accounting system. But most organizations don't realize the value and the scope of the data their CRM represents. You need to understand the policies and the best practices to keep your compliance and legal discovery issues to the absolute minimum. Get this on your agenda pronto.

Financial and Personal Data

At the top of everyone's list should be the customers' financial information. The best way to avoid PCI audits and headlines about credit card lists leaking to the internet is to not store that data in the CRM system in the first place. Although your customer service reps (CSR) may need to access that data, the CRM system should hold only pointers (external keys) to the system of record for credit card numbers, bank account numbers, payment history, etc. A good integration broker can bring that information over for real-time display purposes only — this is where a browser UI and Web 2.0 mashups really shine. If you must cache some customer-sensitive information in the CRM system, truncating the fields ("last four digits of your social") is the least you can do: multiple obfuscation techniques should be used in tandem.

It's more than just those obvious financial data. In insurance and medical records, add HIPAA. For education and government markets, there's FERPA. Add your favorite acronym here — it all adds up to the need to protect your customers' (and in some cases employees') personal information.

And then there's Europe. U.S.-based readers may not realize the European Community's personal information protection rules are much tighter than those out of Washington, and some member countries have even tighter privacy regulations than the EC. Even though these privacy laws are intended to protect the information of "natural persons" (consumers), if you sell B2B you have to be aware of the requirements with respect to your customer's European employees...and your own. EC Directive (95/46/EC Chapter IV) indicates that the personal information cannot be transported or processed outside of the EC unless the country it's being processed in has privacy laws at least as stringent as the EC. Lovely. The good news is, there are several ways to resolve this. But you'll definitely need to consult your attorney regarding compliance strategies.

Continue Reading

White Papers »
CRM Thought Leadership Booklet
Read this white paper, created in collaboration with Frost & Sullivan, to see how a customer relationship management (CRM) solution can help you respond on the customers' terms.
Oracle's Optimized Solution for CRM - A Business Case for Secured Siebel CRM on Oracle's SPARC T-Series
This white paper explains how deploying SPARC T-Series servers, which can execute cryptography at full CPU speed, as the cornerstone of your secure CRM deployment mitigates risk while maintaining an advantageous TCO.
Accelerate time to application value
For your IT organization to keep pace with the business, you need a new, faster approach to infrastructure deployment-an approach that increases agility and accelerates time to application value. That's HP Converged Systems. Built on Converged Infrastructure, these systems deliver the industry's first portfolio of pre-integrated, tested, and optimized infrastructure solutions for applications running in virtual, cloud, dedicated, or hybrid environments.
Top 10 Myths About Virtualizing Business-Critical Applications
Even though virtualization has brought positive change to enterprise IT over the last decade, some skepticism remains about how valuable virtualization can be in the way companies deliver and run business applications. Uncover the truth about how you can run your business critical applications with confi dence without sacrifi cing
availability or service quality-and at lower costs.
The Hidden Truth About Virtualizing Business-Critical Applications
This IDG whitepaper highlights key findings based on the Quickpoll Survey conducted with more than 300 Enterprise and Commercial IT decision makers worldwide about the state of their virtualization of business critical applications. This paper answers such questions as: What drivers are pushing companies to extend virtualization beyond servers? and What value are they realizing? Central to the paper are key results that expose risks of the past (fears of limited ISV support, performance impact) no longer are a factor for companies moving to 80+% virtualized.
Enterprise Java Applications on VMware: Unix to Linux Migration Guide
This guide focuses on key considerations for IT Architects who are in the process of migrating Java applications from UNIX to Linux as part of their VMware server consolidation project.
Webcasts »
Customer Lifetime Value for IT
Watch the video to learn how IBM SPSS Predictive Analytics enables marketers while reducing the burden on IT.
Apps QuickStart Series Part 2: Designing and Deploying SQL Server on VMware vSphere
Download this webcast to learn about the design considerations for virtualizing SQL workloads, performance and scalability information and high-availability options, as well as support considerations
Apps QuickStart Series Part 1: Designing and Deploying Exchange 2010 on VMware vSphere
Download this webcast to learn the virtual hardware design considerations for Exchange 2010, deployment using the building block approach, options for high-availability and disaster recovery and support considerations.
Virtualize Business-Critical Applications with Confidence
Virtualizing business-critical applications has become a key focus for organizations as they move along their virtualization journey. With the launch of VMware vSphere® 5, VMware is helping customers accelerate the deployment of business-critical applications, including Exchange, SQL, SAP and Oracle.
Discover the Benefits of Virtualization for Federal Applications
Want to say goodbye to missed SLAs? VMware can help you virtualize mission-critical applications such as Oracle, MS Exchange and SharePoint to achieve dramatic improvements in uptime, performance and responsiveness. In this webcast, we'll discuss the key benefits of virtualizing your agency's most critical applications and Oracle databases as a necessary first step in fulfilling OMB's mandate to move IT services to the cloud. With VMware, you'll be on the way to quick, effective and full compliance.
When Java EE Is Overkill: Lightweight Application Server Benefits
The complexity, cost and technological bloat of traditional Java EE application servers are often barriers to running a lean and efficient IT organization. Increased need for scalability and rapid application delivery are driving businesses to reconsider the platform they use for application deployment. By combining the portability and agility of the Spring framework with a lightweight application server, your organization can meet business demands while staying within budget constraints. VMware vFabric™ tc Server is a modern, lightweight Java application server based on Apache Tomcat. It improves developer productivity, control and manageability-and is the most flexible platform for virtualizing Java applications and workloads for the cloud. View this webcast to learn about real-world examples of companies that have adopted VMware vFabric tc Server and how to plan for future cloud deployments.
Newsletter Sign-Up »

Receive the latest news test, reviews and trends on your favorite technology topics

Choose a newsletter
  11. View all Newsletters | Privacy Policy
White Papers » All White Papers

CRM Thought Leadership Booklet

Oracle's Optimized Solution for CRM - A Business Case for Secured Siebel CRM on Oracle's SPARC T-Series

Accelerate time to application value

Top 10 Myths About Virtualizing Business-Critical Applications

The Hidden Truth About Virtualizing Business-Critical Applications

Enterprise Java Applications on VMware: Unix to Linux Migration Guide

Virtualizing Tier 1 Applications: A Critical Step on the Journey Toward the Private Cloud  

Best Practices Guide: Microsoft Exchange 2010 on VMware

Google: Security for Google Apps Messaging & Collaboration

Forrester: Economic Impact of Switching to Google Apps

ESG Analyst White Paper - VMware's vSphere Storage Appliance: High Availability for Small IT Operations

Lightweight Application Development Systems Ride the Cloud: IDG Report

Modernizing Application Platforms for Cost-Effective Cloud Readiness

VMware View Optimization Guide for Windows 7

VMware View Optimization Guide for Windows 7

A Guide for Enterprise VMware ThinApp Deployments

NetApp, VMware, Cisco, Wyse, Fujitsu 50,000 Seat VMware View deployment

Licensing for SaaS Applications: ISVs Take to the Cloud

Virtualization reduces costs and complexity for mid-sized businesses

Consolidating SAP Applications to Linux on Power by IDC
Resource Center
buy a link »
Ads by TechWords