The appliance of compliance.Corporate governance Corporate Governance The relationship between all the stakeholders in a company. This includes the shareholders, directors, and management of a company, as defined by the corporate charter, bylaws, formal policy, and rule of law. and regulation were one of the dominant themes of 2004 and look set to continue to be so throughout 2005. Corporate governance relates to how an organisation is run, and has repercussions repercussions npl → répercussions fpl repercussions npl → Auswirkungen pl for almost every department--particularly Finance, UR, Auditing, Procurement and IT. Due to the nature of the potential content of email, ranging from a simple customer query to financial projections, the use of this application demands particular attention to ensure that its management helps to secure regulatory compliance. From the late 1990's, numerous new regulations have been introduced in both the United States United States, officially United States of America, republic (2005 est. pop. 295,734,000), 3,539,227 sq mi (9,166,598 sq km), North America. The United States is the world's third largest country in population and the fourth largest country in area. and Europe, often in the wake of corporate scandals A corporate scandal is a scandal involving allegations of unethical behavior by people acting within or on behalf of a corporation. A corporate scandal sometimes involves accounting fraud of some sort. where unethical unethical said of conduct not conforming with professional ethics. business practices fell foul of existing financial reporting and disclosure rules. The backlash from these high profile episodes prompted newer corporate compliance legislation, such as Basel II Basel II is the second of the Basel Accords, which are recommendations on banking laws and regulations issued by the Basel Committee on Banking Supervision. The purpose of Basel II is to create an international standard that banking regulators can use when creating regulations in Europe and Sarbanes-Oxley in the United States. This Is now being implemented alongside the likes of the EU Data Protection Directives and the Privacy & Electronic Communications Regulation, to ensure that companies put and keep their houses in order. In general, the relationship between email and the law is a patchy PATCHY - A Fortran code management program written at CERN. one, with a mismatch mismatch 1. in blood transfusions and transplantation immunology, an incompatibility between potential donor and recipient. 2. one or more nucleotides in one of the double strands in a nucleic acid molecule without complementary nucleotides in the same position on the other of old and new law dealing with old and new issues. There is no single law relating directly to the use of email, and yet it is touched by several pieces of legislation intended to balance the interests of privacy and human rights with protecting corporate investment and security. For example, in the UK, the 7th Principle of the Data Protection Act requires that businesses take 'appropriate measures to prevent the unauthonised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.' Although somewhat ambiguous in its definition, it essentially means that companies must protect all electronic communications containing customer data, including all emails sent and received. It is not just customer information that must be considered. In order to be compliant with the regulations, businesses must take appropriate measures to mitigate the risk of disclosing valuable or sensitive organisational data. Unauthorised access to or distribution of financial forecasts, intellectual property or any other company--sensitive information can not only contravene con·tra·vene tr.v. con·tra·vened, con·tra·ven·ing, con·tra·venes 1. To act or be counter to; violate: contravene a direct order. 2. legislation but may also do substantial damage to an organisation's credibility, reputation and future competitiveness. It is also worth remembering that contracts are often inadvertently created via email--without either-party realising it. There has been a tendency for some companies to dismiss regulatory compliance as something that they don't really need to worry about, and it's only other businesses that need to worry. Consider then what would happen if a legal disclosure order sought access to all email sent between Mr A and Ms B over a six month. Or if as part of an investigation all emails sent by finance and HR over the past two years had to be retrieved. Unless the organisation in question has efficient email back up, search and retrieval, this is likely to be a lengthy and costly process, and failure to provide the information could have serious repercussions. It is easy to concentrate on the seemingly negative implications of ensuring compliance--it is expensive, complicated and time consuming. However, not enough attention is given to the benefits of being compliant. Investors pay a premium for shares in companies that can demonstrate they are well governed; in the UK and US this is estimated to be around 15-20% extra on capital value. In addition, businesses that can prove they are well managed tend to attract high calibre employees and customers. So quite apart from avoiding the long arm of the law and damage to brand and reputation, exercising good governance The terms governance and good governance are increasingly being used in development literature. Governance describes the process of decision-making and the process by which decisions are implemented (or not implemented). practice has some other major advantages. Comprehensive email management and security solutions have a vital role to play in meeting regulatory requirements Regulatory requirements are part of the process of drug discovery and drug development. Regulatory requirements describe what is necessary for a new drug to be approved for marketing in any particular country. . As a basic rule, companies are advised to make sure that they seek proper protection from viruses and other malicious content. They must also ensure that they have taken reasonable measures to defend personal information relating to relating to relate prep → concernant relating to relate prep → bezüglich +gen, mit Bezug auf +acc customers and employees. One of the most effective ways of achieving this is to use a proactive Internet level service to foster a safer working environment, offering protection against previously unknown security attacks and breaches of confidentiality. A managed service can also help companies to adhere to adhere to verb 1. follow, keep, maintain, respect, observe, be true, fulfil, obey, heed, keep to, abide by, be loyal, mind, be constant, be faithful 2. regulatory requirements relating to archiving, storage, back up and retrieval. Any organisation facing regulatory compliance, a growing number, must do a cost/risk equation. There is no doubt that it is expensive to comply--both in terms of hard cash and man hours. This is another reason why many companies are turning to a managed email security service, as it offers a predictable monthly expenditure which can be easily planned for. Ultimately much of the successful management of IT compliance lies in the effectiveness of the business processes and monitoring systems put in place. But just as prevention is better than cure, ensuring that proper email security measures Noun 1. security measures - measures taken as a precaution against theft or espionage or sabotage etc.; "military security has been stepped up since the recent uprising" security are activated and maintained can go a long way to casing the burden of complying with regulations now and in the future. Mark Sunner, MessageLabs |
|
||||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion