Having spent a few days recently with the storage folks at both EMC and HP, it seems we are set for another sea change in the way we manage data storage systems. They pointed out that new corporate governance laws mean directors of publicly traded firms might go to jail if their firms' break the rules.

The vendors added that better IT systems - supplied at least partly by themselves, of course - could help keep executives right, ensure good reporting, and avoid problems like the Enron scandal.

Corporates have good reason to be concerned about the new regulations. The Bank of America, for example, has received multi-million-dollar fines for failing to produce emails demanded by a court.

Firms in certain industries will face additional burdens. For example, those in the healthcare sector in the US may have to keep Health Insurance Plan Abstraction (Hipa) data, preserving certain records for the lifetime of patients.

Now there's a challenge to the idea of a paper-less office. I don't know anyone who claims to sell a disk array that will last for 80 or more years, which raises some interesting thoughts. IT managers don't usually want to be locked in to particular vendors, but the new approach could be: "You can lock me in, provided the lock-in lasts my lifetime."

Given the need for systems that can last 80 years or more, I think it will take the storage vendors a while to prove the cost of storing data on their disk drives would be cheaper than old-fashioned paper methods.

UK firms will have to comply with a number of laws concerning data storage. They could easily fall foul of the UK Data Protection Act, for example, if they cannot produce certain emails when asked, or if they cannot prove that certain emails were deleted at the appropriate time in accordance with the law.

This last point poses interesting problems for firms that archive data on tape. Given a good librarian, plus all the relevant hardware and software, it might be possible to locate the tapes, delete relevant data, and leave the rest intact. It might be possible, but done manually it would cost a fortune. I have a pile of tapes, but the DAT drive and software that made them are both long gone.

Write-once-read-many (Worm) disk drives used to be regarded as a great archive medium, but in the world of regulatory compliance, being unable to delete something could cost a fortune in fines.

So storage vendors argue that automated storage management systems really have a role to play. But if IT systems are purchased for regulatory compliance this raises the question of who will carry the can if the software goes wrong.

I doubt vendors will reimburse firms if software bugs prevent data from being produced, and courts will not accept explanations about worms wiping hard disks.

The Sasser worm recently highlighted how flawed software can lead to delays and lost data. If ever there was a reason to demand warranties from IT vendors, legal compliance could be the best yet.