This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://www.silicon.com/research/specialreports/compliance/0,3800003180,39127305,00.htm


'Jail or compliance? You decide', directors told
But will prison fears lead to conspiracy of silence... or apathy?

By Will Sturgeon

Published: Monday 24 January 2005

Company directors have been reminded that a failure to comply with tightening regulations can and will land them in prison, despite continued apathy among many.

Under regulations such as Sarbanes-Oxley, non-compliance can result in personal liability as well as fines and other punitive measures taken against their company and the individual responsible.

But while much has been written about SOX, one speaker at the Computer and Internet Crime Conference in London urged delegates not to take their eyes off less fashionable regulated areas as well, such as privacy.

Michael Colao, director of information management at Dresdner Kleinwort Wasserstein, urged his peers to "go back to the office and check their privacy policy".

"What data are you keeping on staff or customers?" he asked. "And how are you keeping it?"

"If your security provisions are not up to date and there is a breach, you, the individual responsible, could face liability," he said.

However, Colao expressed concerns that such rules may encourage some individuals to try brushing even more under the carpet, especially when it is their neck on the line.

Recent research from Compuware revealed that a third of IT directors believe they will miss important compliance deadlines and, with legislation such as SOX, Basel II, the Companies Bill and the forthcoming Operational and Financial Review all bearing down on them, the juggling act is only going to get tougher.

Although 94 per cent of respondents said they were aware of their increased liability, a worrying 72 per cent said they were not at all concerned about missing deadlines.

Colao said some countries are well ahead of the game on such issues while the strictness of regulations and penalties varies wildly around the globe.

He cited the case of Italian privacy laws. In Italy, the individual charged with ensuring the required security measures are in place can be jailed for three years for non-compliance – irrespective of whether or not there has been a breach.

Other European countries were singled out for having incredibly strict privacy laws.

The implications of such variation are clear for any company dealing with customers in those countries. "Local laws become global laws," said Colao.

