Make 'Em Pay
In order to get business to do it right, you must make the cost of keeping data secure less than the cost of not securing data ("Making Up For A Data Breach," Feb. 22, 2007). This could be done by a fine per account lost, stolen, or compromised at somewhere in the thousands of dollars and 10 times that if a company doesn't report it. I've seen reports on studies that place the cost per account of lost data at around a couple of hundred dollars. It's all part of the cost of doing business. The fines collected could be routed to law enforcement for the fight against identity theft.

Also, imposing mandatory jail time (one day per account lost?) for CEOs, CIOs, and corporate board members might get some action. If they think it's important, it gets the resources.

RAY RATHBURN
IT Systems Supervisor, Office of Quality Performance
Social Security Administration, Seattle

---

Collaboration 2.0
I want to point out an aspect of Web collaborative tools for business that may be slowing adoption of Web 2.0 software and services ("Nine Easy Web-Based Collaboration Tools," Feb. 26, 2007).

You write: "Their entire collaboration toolset consists of passing documents back and forth by E-mail. But the Web offers a variety of choices for workgroups looking to implement more advanced technology."

I agree that the process of E-mailing and attachments is inefficient and error-prone, but the users can control at a very granular level who gets what communication and documents over a time span or business process. They can control their workgroup dynamically.

Current Web 2.0 office-ish suites don't really provide for easy, dynamic workgroup security and access since they're really designed around office suite (i.e., personal) software designs. And wikis at present are either too "open" or too "closed" for most business processes.

Web 2.0 offerings need ways to help business users manage their own workgroups easily. In the meantime, there will be "security" questions in new users' minds, and they'll probably want to stick with E-mail and attachments for now.

STEVE KOHLER
CEO, iwoorx.com
Suwanee, Ga.

---

Part Of A Bigger Picture
Although an important contributor to ongoing developments in enterprise architecture, the Open Group is neither open nor an "IT standards consortium" ("Architects In High Demand," Jan. 29, 2007). It has a proprietary product and charges folks to even take a look at it.

Its Association of Open Group Enterprise Architects is definitely not the "first professional association" for enterprise architects, not the first to offer certifications, and clearly not a society for all architects since, as its name indicates, it only speaks Open Group there. There's nothing equivalent to the Project Management Institute that I am aware of in the enterprise architecture space, but the EA Interest Group and International Association of Enterprise Architects have both been around for a while, the latter perhaps a seedling of a PMI-like organization. Enterprise architecture certifications are offered by many organizations.

Open Group is a very small part of a very large movement that I believe is working on creating what Federal Reserve Chairman Ben Bernanke calls the "intangible capital" of the Information Age--kind of like what Scientific Management was to the Industrial Age.

LEON A. KAPPELMAN
Professor of Information Systems
University of North Texas, Denton, Texas