Data regulation a critical concern

Data regulation a critical concern:

By Val Bercovici
Special to Globe and Mail Update

"Do you know the staff in your corporate compliance department? How about the names of your records management colleagues? If you're acquainted with your legal department, hopefully it's for all the right reasons.

Corporate scandals in Canada and the United States have given rise to investor and consumer concerns over business integrity and privacy issues. The media spotlight on these fiascos has created large-scale public demand for companies to redefine the processes and technologies used to store corporate information. Behind the scenes, a fascinating by-product of this movement is that information technology (IT) professionals are now more likely to have lunch with compliance, records management or legal colleagues than ever before — bridging the ever-present gap between C-level and IT executives.

Responding to corporate scandals at Enron, WorldCom and Tyco, American legislators enacted new federally enforced rules such as Sarbanes-Oxley and SEC Rule 17a that dictate enterprise financial data integrity and retention practices. Regulating consumer, employee and patient privacy and confidentiality, however, is left to the discretion of the individual states, with California (Bill 1386) leading the way. But doing business north of the 49th parallel exposes companies to very different rules that will determine short-term regulated data retention priorities.

Canada has embraced a different approach to data regulation over our American counterparts. One reason for this difference is that Canadian culture is less litigious and consequently places less emphasis on exposure to shareholder lawsuits necessitating onerous financial regulations. Canadians are more focused on preserving individual rights. In an ironic contrast to our American neighbours, securities commissions are provincially operated in Canada, whereas privacy legislation such as PIPEDA (Personal Information Protection and Electronic Documents Act) is enforced at a national level.

Regulated data will likely outlive the people who manage it. And now, C-level executives have pulled a chair up to the IT department's lunch table and are working hand-in-hand in defining their company's technology requirements."